US20080222711A1 - Method and Apparatus to Create Trust Domains Based on Proximity - Google Patents
- Publication number
- US20080222711A1 US12/035,309
- Authority
- US
- United States
- Prior art keywords
- processor
- credential
- close range
- communication
- transceiver
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0492—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload by using a location-limited connection, e.g. near-field communication or limited proximity of entities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/20—Individual registration on entry or exit involving the use of a pass
- G07C9/22—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
- G07C9/23—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder by means of a password
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/20—Individual registration on entry or exit involving the use of a pass
- G07C9/22—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
- G07C9/25—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition
- G07C9/257—Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/50—Secure pairing of devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/18—Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/18—Service support devices; Network management devices
Definitions
- the present invention relates generally to computer network communications, and more specifically to methods for deploying dynamic credential infrastructure based on proximity.
- Millions of people now use the Internet and the Web on a regular basis.
- These users perform a wide variety of tasks, from exchanging electronic mail messages to searching for information to performing business transactions.
- These users may be accessing the Internet from home, from their cellular phone, or from a number of other environments where security procedures are not commonly available.
- PKI Public Key Infrastructure
- Certificates utilize public keys and third party verification entities to allow servers to decode client transmissions and authenticate the client's identity.
- a first node in a network can encrypt a message with its own private key. The message can be read by a second node with the first node's public key.
- a public key can only be used to decrypt messages created by the private key and cannot be used to encrypt messages. Thus, the first node is free to distribute their public key.
- X.509 is an ITU Recommendation and International Standard that defines a framework for providing authentication.
- ITU Recommendation X.509 (1997) Information Technology—Open Systems Interconnection—The Directory: “Authentication Framework”, dated November 1993. This information is also published in International Standard ISO/IEC 9594-8 (1995).
- a certificate format is defined in this standard. Certificates created according to this international standard, in the defined format, are referred to as “X.509 certificates.”
- methods, systems and devices are provided for deploying dynamic credential infrastructure based on proximity.
- the embodiments include establishing a close range or near field communications link and sending credentialed information across that communications link.
- the identity of a user may be verified using another separate credential, such as a password or biometric data.
- a variety of wireless proximity-limited communication technologies may be used for mobile devices (e.g., cell phones, PDAs, and other wireless devices) to establish a peer-to-peer (P2P) data link.
- security credential information can be communicated via that link that can be used to secure or authenticate another wireless communication technology, such as BlueTooth® or Wi-Fi, that can be used for longer-range communication or for transferring larger amounts of data. Since wireless proximity-limited communication technologies are limited to short ranges, this self establishing wireless communication link provides an intuitive mechanism for users to authenticate mobile devices prior to or during transfer of credential information by bringing two or more mobile devices into close proximity.
- FIG. 1 is a system block diagram of wireless cellular network which includes short-range wireless communication implemented on a number of mobile devices.
- FIG. 2 is a process flow diagram of an embodiment method suitable for joining a device to a trust domain.
- FIG. is a message flow diagram of the embodiment for establishing a trust domain illustrated in FIG. 2 .
- FIG. 4 is a process flow diagram of another embodiment method suitable for establishing a trust domain.
- FIG. 5 is a message flow diagram of the embodiment for establishing a trust domain illustrated in FIG. 4 .
- FIG. 6 is a process flow diagram of another embodiment method suitable for establishing a trust domain.
- FIG. 7 is a process flow diagram of another embodiment method suitable for establishing a trust domain.
- FIG. 8 is a message flow diagram of the embodiment for establishing a trust domain illustrated in FIG. 7 .
- FIG. 9 is a process flow diagram of an embodiment method suitable for establishing a trust domain among a number of devices.
- FIG. 10 is a message flow diagram of the embodiment for establishing a trust domain illustrated in FIG. 9 .
- FIG. 11 is a process flow diagram of another embodiment method suitable for establishing a trust domain.
- FIG. 12 is a message flow diagram of the embodiment for establishing a trust domain illustrated in FIG. 11 .
- FIG. 13 is a process flow diagram of an embodiment method suitable for removing a device from a trust domain.
- FIG. 14 is a message flow diagram of the embodiment for removing a device from a trust domain illustrated in FIG. 13 .
- FIG. 15 is a circuit block diagram of an example mobile device suitable for use with the various embodiments.
- FIG. 16 is a circuit block diagram of an example computer or other programmed device suitable for use with the various embodiments.
- FIG. 17 is a circuit block diagram of an example server suitable for use with the various embodiments.
- FIG. 18 is a system block diagram of a wireless patient monitoring system according to an embodiment.
- FIG. 19 is a process flow diagram of an embodiment method suitable for connecting components within the patient monitoring system shown in FIG. 18 .
- FIG. 20 is a circuit block diagram of an example virtual cable connector device suitable for use with the various embodiments.
- FIG. 21 is a process flow diagram of an embodiment method suitable for connecting components within the patient monitoring system shown in FIG. 18 using the virtual cable connector device shown in FIG. 20 .
- the terms “mobile device” and “handheld device” refer to any one or all of cellular telephones, personal data assistants (PDA's), palm-top computers, wireless electronic mail receivers and cellular telephone receivers (e.g., the Blackberry® and Treo® devices), multimedia Internet enabled cellular telephones (e.g., the iPhone®), and similar personal electronic devices which include a programmable processor and memory, a close range communication transceiver and another communication transceiver capable of connecting to a wireless network.
- the terms “device,” “communication device,” “wireless device,” and “wireless communications device,” are used interchangeably to refer to electronic devices which include a close range communication transceiver, a second transceiver (which may be wired or wireless) and a processor coupled to the two transceivers which is configured with software instructions to participate in the embodiment systems and perform some steps of the embodiment methods.
- Some examples of suitable devices are described in more detail below with reference to FIGS. 1 , 15 - 17 and 20 , but the terms are intended to be interpreted broadly as the embodiments are applicable to a broad range of applications and implementations beyond those of the example embodiments.
- Some embodiments refer to cellular telephone network systems including cell towers of such networks, the scope of the present invention and the claims encompass any wired or wireless communication system, including for example, Ethernet, WiFi,
- trust domain refers to a set of devices in possession of common or related credentials such that the devices can “trust” each other to share confidential information and exchange communications in a secure manner.
- An example of a trust domain is a pair (or more) of devices sharing a set of X.509 certificates signed by the same Certificate Authority (CA), i.e. a PKI.
- Another example of a trust domain is a pair (or more) of devices sharing symmetric credentials. To extend a trust domain to another device, the receiving device needs to be verified as a valid new member, and the credentials need to be exchanged securely.
- the various embodiments make use of wireless proximity-limited communication technologies to impose the need to bring two electronic devices to authenticate and then exchange credential information such as digital certificates, encryption keys, and other credential data as may be used to deploy credential infrastructure (such as PKIs) for secure wired or wireless communication between two or more devices.
- a variety of wireless proximity-limited communication technologies may be used for this purpose.
- NFC near-field communications
- NFC technology devices operate in the unregulated RF band of 13.56 MHz and fully comply with existing contactless smart-card technologies, standards, and protocols such as FeliCa and Mifare.
- NFC-enabled devices are interoperable with contactless smart-cards and smart-card readers conforming to these protocols.
- the effective range of NFC protocol communications is approximately 0-20 cm (up to 8 in.) and data communications terminate either by a command from an application using the link or when the communicating devices move out of range.
- the NFC protocols are short-range wireless connectivity standards.
- a number of international standards have been established for NFC protocols, including for example: ISO/IEC 14443; ISO/IEC 15693; ISO/IEC 18092; ISO/IEC 21481; ISO/IEC 22536; ISO/IEC 23917; ISO/IEC DIS 28361; ECMA-340, referred to as NFCIP-1; ECMA-352, referred to as NFCIP-2; ECMA-356; ECMA-362; ECMA-373; ECMA/TC32-TG19/2006/057; NFC-WI; and NFC-FEC.
- the embodiments and the claims are not necessarily limited to any one or all of the NFC protocols, and instead may encompass any close range (i.e., proximity-limited) wireless communication link.
- Any wireless proximity-limited communication technology may be used in some of the embodiments.
- wireless proximity-limited communication links may be established using other close range communication media, including for example radiofrequency identification (RFID) tags and the IrDA (Infrared Data Association) protocol.
- other close range wireless protocols and standards may be developed and may be used in the various embodiments in the same manner as NFC protocol devices.
- longer range wireless technologies and protocols may be used with modifications or additions that limit their effective range for purposes of identifying electronic devices one to another.
- WiFi, BlueTooth® which communicates using the 2.4 GHz frequency band
- UWB Ultra Wideband
- IEEE 802.15.4 and Zigbee® wireless communication protocols and standards
- the power of transmitters may be limited for authentication communications, such that two devices must be relatively close together (e.g., within a few feet of each other) in order to send and receive the communications.
- round-trip communication delay limits may be imposed such that authentication communications can only occur if the round trip of such signals is less than a threshold set to reject signals sent from more than a dozen feet or so, which may be as short as two to three feet separation.
- the various embodiments and the claims refer to “close range communications” and “near field communications” in order to encompass any and all wireless proximity-limited communication technologies.
- References herein to “close range communication links” (CRCL) and “near field communications” are not intended to limit the scope of the description or the claims in any way other than the communications technology will not exchange credential information beyond about three meters (about twelve feet).
- the communication range is limited to less than about one meter (about three feet), in a further preferred embodiment, the communication range is limited to less than about one foot, and in some embodiments the communication range is limited to approximately 0-20 cm (up to 8 in.).
- references to “near field communication protocol” and “NFC protocol” communications are intended to be limited to communications transceivers and technologies with ranges provided by the various NFC protocols and standards listed above, but may also include RFID transceivers and technologies with a similarly limited communication range.
- With close range communications like NFC protocol devices it is possible to connect any two devices to each other to exchange information or access content and services—easily and securely.
- Solution vendors argue that the intuitive operation of NFC protocol systems makes the technology particularly easy for consumers to use (“just touch and go”), while the inherent security resulting from its very short communication range makes such systems ideal for mobile payment and financial transaction applications.
- Familiar applications of NFC protocol technology are electronic pass keys used in building security systems, mass transit fare card systems, and smart credit cards which need only to be brought close to a point of sale reader to complete a transaction.
- the exchange of credential information can be handled using a variety of proven methods, which can involve complex protections to prevent eavesdropping, counterfeiting and misappropriation.
- two devices can be placed in close proximity to allow users to be inherently trusted (i.e. correct device behavior is in the user's interest), or the proximity condition is established in a trusted environment (e.g. at a teller station in a bank), or additional credentials are used to allow the extension of a trust domain to a new device.
- the various embodiments provide simpler systems and methods to extend a trust domain of an existing credentialed infrastructure by leveraging the inherent security afforded by proximity.
- the various embodiments leverage close range communications to exchange credential information in order to ensure physical awareness prior to creating or extending a trust domain.
- close range near-field communication technology establishes physical awareness between a device already in a trust domain and a new device to be added, as the devices need to be in close contact (e.g., within about 8 inches with NFC protocol devices).
- a device within the trust domain uses a wireless protocol to send credential information to the new device. While close range communications and NFC protocol links allow credentials to be exchanged in the clear with minimal risk of interception or interference, integrity-protected and/or confidentiality-protected communications may also be used depending on the implementation.
- NFC protocol technologies are limited to such short ranges that users must touch or nearly touch two devices together to establish the communication link.
- This physical action, referred to herein as a proximity event, thus provides an intuitive mechanism for establishing a peer-to-peer (P2P) wireless communication link; if users want to join a new device to a trust domain, they merely touch the new device to a member of the trust domain.
- this touch-to-communicate mechanism is leveraged to provide an intuitive means for users to authenticate mobile devices to one another prior to or while exchanging credential data. Once the two (or more) devices establish a closer range P2P link and exchange credential data, longer range wireless (or wired) network secured and trusted communications can be established using the credential infrastructure.
- the various methods obviate the need for involved security and authentication protocols to form or add members to a trust group.
- the limited range of close range P2P links makes them generally invulnerable to eavesdropping and avoids issues of unwanted devices attempting to hack into trusted communications via long range wireless links.
- the short-range communication link may also be used to exchange information required to establish the second wired or wireless communication link that is used by the trust domain.
- the two devices may exchange address and device identifier information necessary to enable immediately establishing a BlueTooth® wireless data link with no further synchronization activity or user action.
- the two devices may exchange Internet protocol (IP) or local area network address information to enable communication via WiFi wireless or Ethernet-based networks. In this manner, the proximity event ensures that the two devices are able to communicate securely without requiring any further user action.
- the various embodiments enable users to initiate secure trust domain communications merely by bringing two or more devices into close proximity.
- a trust domain may utilize a proximity event and the associated close range communication link to accept a new member as a valid device to extend the trust domain to the new member. This may entail user notification.
- the trust domain may utilize the proximity detection method in conjunction with user confirmation to accept a new member as a valid device to extend the trust domain to the new member. This embodiment is explained in more detail below with reference to FIGS. 2-3 .
- a trust domain utilizes a proximity event and the associated close range communication link plus another separate credential to accept a new member as a valid device to extend the trust domain to the new member.
- This embodiment may entail passwords, biometric measurements, and other externally provided credentials. This embodiment is explained in more detail below with reference to FIGS. 4-5 .
- a trust domain utilizes a proximity event and the associated close range communication link plus another credential already established on a new device, e.g. a provisioning PKI of the device manufacturer or service provider to verify the origin of the new member, while the proximity condition is used to further authenticate the new device and communicate credentials for a new service.
- a trust domain utilizes a proximity event and the associated close range communication link of two subsequent devices (such as within a certain time limit) to accept a new member as a valid device and to extend the trust domain to the new member.
- the first device contact establishes a physically secure environment (e.g. a bank's customer service desk), while the second device contact (i.e., proximity event) establishes a credential to use to establish the trust domain.
- This embodiment may be useful when the provisioning entity is trusted by a service entity via other non-electronic/non-cryptographic means, e.g. contractually, via ownership, etc. This embodiment is explained in more detail below with reference to FIGS. 9-10 .
- the set of credentials within the trust domain may be pre-existing when the new member is discovered in a proximity condition.
- the trust domain may extend the existing set of credentials to the new device.
- a member of the trust domain may generate a new set of credentials triggered by the discovery of the new member in a proximity condition. This alternative is explained in more detail below with reference to FIGS. 11-12 .
- a proximity event may also be used as part of removing a device from a trust domain. This embodiment is explained in more detail below with reference to FIGS. 13-14 .
- FIG. 1 shows a block diagram of a trust domain communication network 10 including a cellular network in which some mobile cellular devices have the additional ability to function as readers of close-range wireless communications, such as NFC protocol and RFID communications.
- the network 10 may include a terminal 12 , which in the illustrated system is configured with a network antenna and transceiver for transmitting and receiving cellular signals 2 from/to a cellular base site or base station (BS) 16 .
- the terminal 12 also includes a close range communications transceiver.
- the base station 16 is a part of a cellular network that includes elements required to operate the network, such as a mobile switching center (MSC) 18 .
- the MSC 18 is capable of routing calls and messages to and from the terminal 12 via the base station 16 when the terminal 12 is making and receiving cellular data calls.
- the MSC 18 also provides a connection to telephone landline trunks (not shown) when the terminal 12 is involved in a call.
- the MSC can, but need not, be coupled to a server gateway 22 coupled to the Internet 24 .
- the MSC 18 can also be coupled to a network 19 by a wired network connection 1 , such as a local area network (LAN), a metropolitan area network (MAN), and/or a wide area network (WAN).
- the MSC 18 can be coupled to the network 19 directly by a wired network connection 1 , or if the system includes a gateway 22 (as shown), the MSC can be coupled to the network 19 via the gateway 22 which has a wired network connection 1 to the network 19 .
- the MSC 18 is coupled to the gateway 22
- the gateway 22 is coupled to the Internet 24 .
- electronic devices such as a laptop computer 30 (as shown) or any other processing elements (e.g., personal computers, server computers or the like) can be coupled to the terminal 10 via the Internet 24 by way of their own Internet connection 9 .
- one or more processing elements associated with a CA server 26 may be coupled to this network 10 by way of the Internet 24 .
- the terminal 12 may be equipped to communicate with other devices, such as mobile devices 28 , 29 , 30 via a local wireless network 3 and a close-range communication link 4 .
- the terminal 12 is configured to communicate with a first mobile device 28 , a second mobile device 29 and a laptop computer 30 , each equipped with an internal NFC protocol transceiver (e.g., an NFCIP-2 transceiver).
- the terminal 12 is also configured to communicate with these devices 28 , 29 , 30 via another longer range wireless communication link, such as a BlueTooth® or other local area wireless link 3 .
- the terminal 12 may include an NFCIP-2 NFC transceiver and an IEEE 802.11g wireless data network transceiver.
- the mobile devices 28 , 29 and the laptop computer 30 as illustrated are configured with compatible NFC protocol and local area (or wide area) wireless transceivers.
- the close range communication transceivers in the terminal 12 and the other network devices 28 , 29 , 30 may be any of a number of different known transceivers (including for example RFID tags) capable of transmitting and/or receiving data in accordance with any of a number of different close range techniques, such as defined in the NFC protocols and standards listed above.
- the NFC transceiver may be a NFCIP-1 or NFCIP-2 transceiver, an RFID transceiver or RFID tag, or use BlueTooth® (i.e., communication in the 2.4 GHz frequency band), infrared, IrDA (Infrared Data Association), UWB (Ultra Wideband) or other wireless communication links.
- the terminal 12 and network devices 28 , 29 , 30 also include a second data communication link that can be used for securely transmitting data within the trust domain.
- the second data communication link may be a local area wireless link 3 , such as according to the IEEE 802.11g standard.
- This second data communication link need not be wireless, and can be a wired local area network (not shown), such as a ring token network or an Ethernet network.
- the network 10 may also or alternatively include any of a number of different electronic devices, including other mobile terminals, wireless accessories (e.g., mass storage devices, networked printers, monitors, etc.), portable digital assistants (PDAs), pagers, desk top computers, medical devices, data sensors, and other types of electronic systems.
- FIG. 1 illustrates devices that may be members of a trust domain.
- a trust domain may be established among the terminal 12 , mobile devices 28 , 29 and a laptop computer 30 .
- An example of such a trust domain may be an office networked computer system that uses the terminal 12 as a hub for administering the trust domain.
- the trust domain may include mobile devices 28 , 29 for remotely processing credit cards by communicating with a central data processor and communication hub (e.g., terminal 12 ).
- the trust domain may include mobile physician assistant PDAs 28 , 29 and remote terminals 30 for distributing patient records from and transmitting patient information to a central data processor and communication hub (e.g., terminal 12 ).
- the trust domain is able to share data within the trusted devices via secure messages transmitted by a wireless data link 3 .
- Such trust domain transmissions may be peer-to-peer links, such as illustrated between mobile device 28 and mobile device 29 , or indirect network communications via the terminal 12 , such as illustrated between the mobile devices 28 , 29 and the laptop computer 30 .
- Such a trust domain may also communicate with external websites and data sources, such as by the terminal 12 communicating via a cellular data communication link 2 with a base station 16 coupled to the Internet 24 , or the laptop computer 30 connected directly to the Internet 24 as illustrated.
- one or more of the mobile devices 28 , 29 may also be able to communicate directly with the base station 16 , such as by a cellular data communication link 2 .
- the architecture illustrated in FIG. 1 also supports trust domains that include distant elements, such as a server 26 coupled to the Internet 24 .
- a trust domain may be administered by CA server 26 via the Internet 24 .
- Messages intended for the trust domain may be transmitted from the CA server 26 via the Internet 24 to a base station 16 and then to the terminal 12 as illustrated.
- the trust domain messages may be rebroadcast via local wireless communication links 3 to the other group members 28 , 29 , 30 .
- Messages from any member of the trust domain may then be routed to the CA server 26 in a reverse manner.
- the trust domain may include computing devices that are beyond the range of the terminal 12 , such as a computer coupled to the Internet 24 .
- Messages to and among trust domain members may be directed to each member device using IP addresses and addressing schemes that are well known in the Internet arts.
- the various embodiments provide new mechanisms for establishing a trust domain or for joining new members to an existing trust domain.
- By adding close range communication transceivers to the terminal 12 and member mobile devices 28 , 29 , 30 , the proximity limitation of such transceivers is leveraged to make two unrelated devices, such as terminal 12 and mobile device 28 , aware of each other.
- the first mobile device 28 is brought in very close proximity to the terminal 12 .
- the first mobile device 28 and the terminal 12 establish a close range data link 4 .
- the first mobile device 28 may send a request to the terminal 12 to be joined to a trust domain. Additional information such as device addressing, user notification, and/or trust domain participation confirmation may also be addressed at this point.
- the first mobile device 28 and the terminal 12 have data connectivity via disparate physical links, e.g. an 802.11g wireless link 3 and a CDMA cellular data communication link 2 in addition to the close range link 4 .
- the trust domain can be established using the 802.11g wireless link 3 , the CDMA cellular data communication link 2 , or both.
- one or more of the group devices e.g., the laptop computer 30
- Each device 12 , 28 , 29 , 30 can use its close range communication transceiver to communicate with a new device and its secured communication link (e.g., wired, wireless and/or cellular links 1 , 2 or 3 ) to notify other members of the trust domain that a new device has joined or asked to join the trust domain, and hence extend the trust domain.
- any member of the group having close range communication capability can join another device to the group by being placed in close proximity to the new device sufficient to establish a close range communication link 4 . Since the networking authentication is established by bringing two devices in close proximity and the credentials, network and trust domain addresses and set up information are communicated via the close range communication link 4 , joining a new device to an established trust domain can be completely transparent to the user.
- the network 10 illustrated in FIG. 1 enables a variety of connections between mobile devices 28 , 29 and other computing devices on the network, such as a laptop 30 .
- the trust domain can communicate by means of cellular communications networks 2 , by local wireless networks 3 , by wired network connections 1 accessed via cellular communication links 2 to the base station 16 via the MSC 18 and network 19 , and via the Internet 24 by an Internet connection 9 .
- This flexibility in network connections is illustrated with respect to the laptop 30 with dashed communications symbols.
- the trust domain devices may communicate with each other directly through secure peer-to-peer links or indirectly via networks 1 , 2 , 3 , 9 , or 24 .
- While FIG. 1 shows the terminal 12 to be an immobile terminal, this device may itself be a mobile device, such as a mobile device 29 , laptop computer or personal computer on a mobile cart.
- a mobile device 29 may serve as the hub of a trust domain including itself, the mobile device 28 and the laptop 30 , with network communications including a cellular data network link 2 and a local area wireless link 3 .
- communications to, from and among the trust domain members may proceed according to well-known trust domain communication methods and protocols.
- Each device that may be joined to a trust domain may be configured with application software to automatically negotiate the creation of a trust domain when any two devices are brought in close proximity.
- the devices may be configured with application software to automatically join one device to an established trust domain of which the other device is a member when the two devices are brought into close proximity.
- Such applications using the communication capabilities of close range communication transceivers can eliminate much of the complexity of establishing secure trust domains. The need for users to enter group identification and communication link information into one or more devices is replaced by a requirement that two devices be touched (or nearly touched) together. In this manner, an extensive trust domain can be quickly configured by simply touching the various member devices together in sequence.
- the various embodiments provide a secure mechanism for exchanging trust domain communication, identification and address information. Since close range communication links 4 are by definition very short range, they are resistant to eavesdropping and interference from other devices.
- FIG. 1 shows the mobile device 28 sufficiently close to the terminal 12 to establish an NFC link 4 , while other members of the group (such as mobile device 29 and laptop computer 30 ) cannot receive or interfere with that communication. Since credential security and addressing information are not exchanged over wide-area communication links 2 , 3 , there is low risk of inadvertent joining of devices, or disclosing credential information to eavesdroppers.
- a secure trust domain can be quickly formed in a public location without users having to engage in cumbersome security procedures.
- While FIG. 1 is described above as being based upon a cellular data network, the same basic architecture may be implemented with other wireless network technologies, such as a WiFi or WiMax network.
- the base station 16 would be a WiFi or WiMax (for example) base station.
- Other elements of such a network 10 would be substantially the same as shown in FIG. 1 and described above, except that the terminal 12 and other network elements 28 , 29 , 30 would be configured to communicate using the WiFi (or other) wireless communication protocol. Accordingly, a separate figure for depicting alternative wireless and wired communication technology networks is unnecessary, and references to components in subsequent figures using reference numerals shown in FIG. 1 are intended to encompass both cellular and other wired and wireless network elements.
- the terminal 12 may be coupled to a local area network 19 by a wired connection (similar to the wired network connection 1 shown in coupling to the laptop 30 ), and need not include a cellular network transceiver.
- a new device 28 is connected to an existing trust domain among the mobile device 29 and terminal 12 .
- a trust domain may be based upon shared credential information (e.g., a PKI set of encryption key credentials) as is well known in the art.
- the new device 28 is brought into close proximity with the terminal 12 or the other mobile device 29 so that a close-range communication link is automatically established; step 100 , messages 34 .
- the process of establishing a close-range communication link 4 may involve a series of handshaking communication exchanges encompassed within messages 34 .
- any of the known NFC protocol link establishment methods may be employed.
- the new device 28 may request registration with the trust domain, step 102 , such as by transmitting its device ID and a standard request message, message 36 .
- the receiving device may send the security credential to the new device 28 along with a challenge message over the close range communication link 4 ; step 106 , message 38 .
- This message may also include seed data for security credentials if such encryption technology is used.
- the new device may store the credential information and then calculate the appropriate response to the challenge and send the response back to the terminal or mobile device 29 over the close range communication link 4 ; step 108 , message 40 .
- the receiving device, whether terminal 12 or mobile device 29 , checks the challenge response message to confirm that the value is correct, test 110 . If the value is correct, this indicates that the credential was accurately received and is being properly processed by the new device 28 , enabling the trust domain to be extended to the new device 28 so secure communications can begin over the trust domain data link, step 112 . If, however, the challenge response is incorrect, indicating that the credential was not properly received, the terminal 12 or mobile device 29 may resend the credential, repeating step 106 and resending message 38 .
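Steps 102 through 112 as an added sketch, not code from the patent: the page does not say how the challenge response is computed, so HMAC-SHA256 keyed with the credential, the retry limit, and every class and function name here are assumptions. The close range link 4 is modeled as a callable that can corrupt a delivery, which exercises the resend path of test 110.

```python
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 3  # assumption: the page describes resending but sets no limit


def challenge_response(credential: bytes, challenge: bytes) -> bytes:
    """Assumed construction: HMAC-SHA256 over the challenge, keyed with the credential."""
    return hmac.new(credential, challenge, hashlib.sha256).digest()


def flaky_link(corrupt_first_n: int):
    """Model of close range link 4 that flips one credential bit in the first n deliveries."""
    sent = {"count": 0}

    def deliver(message: dict) -> dict:
        sent["count"] += 1
        delivered = dict(message)
        if sent["count"] <= corrupt_first_n:
            damaged = bytearray(delivered["credential"])
            damaged[0] ^= 0x01
            delivered["credential"] = bytes(damaged)
        return delivered

    return deliver


class NewDevice:
    """Stands in for new device 28."""

    def __init__(self, device_id: str):
        self.device_id = device_id
        self.credential = None

    def registration_request(self) -> dict:
        # Step 102 / message 36: device ID plus a standard request.
        return {"type": "register", "device_id": self.device_id}

    def handle_credential(self, message: dict) -> dict:
        # Step 108 / message 40: store the credential, then answer the challenge.
        self.credential = message["credential"]
        response = challenge_response(self.credential, message["challenge"])
        return {"type": "challenge_response", "response": response}


class DomainMember:
    """Stands in for the receiving device (terminal 12 or mobile device 29)."""

    def __init__(self, domain_credential: bytes):
        self._credential = domain_credential
        self.members = set()

    def admit(self, device: NewDevice, link) -> int:
        """Run steps 102-112 over `link`; return the number of attempts used."""
        request = device.registration_request()
        for attempt in range(1, MAX_ATTEMPTS + 1):
            # Step 106 / message 38: credential plus a fresh challenge per attempt,
            # so a response captured from an earlier attempt cannot be replayed.
            challenge = secrets.token_bytes(16)
            message = {"type": "credential",
                       "credential": self._credential,
                       "challenge": challenge}
            reply = device.handle_credential(link(message))
            expected = challenge_response(self._credential, challenge)
            # Test 110: constant-time comparison of the response.
            if hmac.compare_digest(reply["response"], expected):
                self.members.add(request["device_id"])  # step 112
                return attempt
        raise PermissionError("credential not confirmed; device not admitted")


if __name__ == "__main__":
    hub = DomainMember(secrets.token_bytes(32))
    phone = NewDevice("device-28")  # constructed sample ID
    print("admitted after attempts:", hub.admit(phone, flaky_link(1)))
```

A wrong response only shows that the device did not end up holding the same credential; bounding the resend loop keeps a device that never answers correctly from being offered the credential indefinitely.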
- a user of the terminal 12 or mobile device 29 may be requested to perform an action to acknowledge and authorize the registration, optional step 104 .
- This may be in the form of a request for the user to confirm the intent to admit the new device 28 , such as by pressing the letter “Y” on a keypad, or entering a password or submitting to a biometric scanner to confirm that the user is someone who can authorize extending the trust domain to the new device 28 .
- the user of the new device 28 may be notified that the device is being added to the trust domain.
- a notification may be in the form of a message presented on the mobile device display.
- the device admitting the new device 28 to the trust group may inform other devices within the trust domain, as well as notify a user, that the new device is being added, such as by communicating a message to be presented on each device's display.
- the receiving device i.e., terminal 12 or mobile device 29
- the process of establishing the close range communication link, step 100 and messages 34 , prompts the receiving device to extend the trust domain credential.
- the steps of joining a new device 28 to a trust group consist only of touching or nearly touching the new device 28 to a device that is part of the trust group, such as the terminal 12 or mobile device 29 , step 100 .
- the user of the new device 28 receives a notification (e.g., an optional display notification or operation of the device) that secure communications have been enabled, step 112 .
- the process of joining a new device 28 to a trust group could hardly be easier. Even if the user is prompted to enter a password or biometric scan as in an embodiment described in more detail below, the complexity of deploying and verifying credentials and confirming secure communication capabilities are hidden from the user.
- the trust domain may be managed by a server within the trust domain, such as a CA server 26 .
- Example processes and messages for admitting a new device 28 to such a trust domain are illustrated in FIGS. 4 and 5 .
- secured communications are already established between members of the trust domain (e.g. the terminal 12 and mobile device 29 ) and the CA server 26 , messages 42 a .
- the new device 28 is brought in close proximity to a member of the trust domain (e.g., the terminal 12 and mobile device 29 ) to establish a close range or NFC communication link; step 100 , messages 34 .
- the new device 28 requests registration with the trust domain; step 102 , message 36 .
- membership within the trust domain is managed by the CA server 26 , so upon receiving the registration request, the receiving device (e.g., the terminal 12 or mobile device 29 ) forwards the request to the CA server 26 ; step 114 , message 44 . Since the receiving device was within the trust domain, the message forwarding the registration request may be sent to the CA server 26 using the secured wireless or wired network communication.
- the CA server 26 receives the request, confirms any device information provided along with the request, and confirms the request to add the new device 28 to the trust domain, step 116 .
- Since the CA server 26 is not in close proximity or communication contact with the new device 28 , it may send a request to the device which forwarded the registration request (e.g., the terminal 12 and mobile device 29 ) asking a user of that device to enter another credential to indicate agreement with joining the new device 28 ; step 118 , message 46 .
- This request for a second credential from a user within the trust domain may be transmitted using the secure communication link of the trust group.
- This request may be for a simple user confirmation action (e.g., a request to press the letter “Y” key if the user agrees), for entry of a password known to the CA server 26 , entry of a biometric scan (e.g., such as a request to scan the user's finger over a fingerprint scanner included within the user's device), or some other credential that the CA server 26 can recognize as indicating user agreement with adding the new device 28 to the trust domain.
- the user performs the requested action, step 118 , which is transmitted to the CA server 26 , message 48 . Again, this second user credential may be transmitted over the secured communication network of the trust domain.
- the CA server 26 then confirms the user's second credential, step 120 .
- the second credential may be confirmed using a variety of known methods. For example, if the second credential is a password, the CA server 26 may compare the received password to a list (e.g., a database listing) of passwords assigned to individuals authorized to admit new devices to the trust domain. For example, certain individuals in an organization, such as loan officers in a bank or information technology (IT) professionals within a company, may be authorized to distribute credential information to new devices, such as laptop computers or new hardware installations. To ensure the addition of a new device to a trust domain is being initiated by a trusted individual, the CA server may be configured with a list of passwords assigned to such individuals.
- mobile devices assigned to such trusted individuals may be configured with biometric sensors, such as a finger print scanner 179 (see FIG. 15 ) with biometric data of authorized users stored in a database on the CA server 26 .
- the CA server 26 can verify that the user requesting the addition of a new device 28 to the trust domain is authorized to do so by comparing biometric data received from the user's mobile device 29 to biometric data of authorized users stored in a database maintained on or accessible by the CA server 26 .
- If the CA server 26 confirms the user's second credential, it transmits the credential to be passed to the new device 28 ; step 122 , message 50 .
- This credential message is sent to the member of the trust domain which received the initial registration request, such as the terminal 12 or mobile device 29 .
- the CA server 26 may simply authorize the receiving device (e.g., the terminal 12 and mobile device 29 ) to forward on the credential used to establish the trust domain. That device then sends the credential along with a challenge message to the new device 28 ; step 106 , message 38 . Since the new device 28 is not yet a member of the trust domain, the credential and challenge message is sent via the close range communication link. As described above with reference to FIG.
- the new device 28 stores the credential, calculates the appropriate response to the challenge, and sends the challenge response back to the member of the trust domain which is in close proximity (e.g., the terminal 12 or mobile device 29 ); step 108 , message 40 .
- the receiving device checks the challenge response message to confirm that the value is correct, test 110 . If the value is correct, this indicates that the credential was accurately received and is being properly processed by the new device 28 , enabling the trust domain to be extended to the new device 28 so secure communications can begin over the trust domain data link; step 112 , messages 42 a , 42 b . If, however, the challenge response is incorrect, indicating that the credential was not properly received, the terminal 12 or mobile device 29 may resend the credential, repeating step 106 and resending message 38 .
- the receiving device may forward a request for registration of the new device 28 to the CA server 26 , step 114 and message 44 , without receiving a request for registration from the new device 28 .
- the process of establishing the close range communication link; step 100 , messages 34 may prompt the receiving device to inform the CA server 26 that a new device 28 is attempting to join the trust domain. This automatic notification may be sufficient to enable the CA server 26 to confirm the addition of the new device 28 , step 116 , and request the receiving device to enter a credential in order to consent to adding the device 28 to the trust domain, step 118 .
- a new mobile device 28 may include credential information, such as a digital signature, stored in the device by the original equipment manufacturer or a service provider. Such credential information may be useful in enabling a trust domain administrator (such as a CA server 26 ) to determine whether the new device should be added to the trust domain. Such credential information may be verified using any known method including, for example, PKI methods. Accordingly, in an embodiment illustrated in FIGS. 6-8 , the credential stored on the new device 28 is confirmed as part of the process of deciding whether to add the device to the trust domain. Referring to FIG. 6 , in one implementation, the new mobile device 28 is brought into close proximity with a member of the established trust domain in order to establish a close range communication link, step 100 .
- the new device 28 then sends its preloaded credential along with a registration request over the close range communication link to a member of the established trust domain, step 102 .
- This message is similar to the registration request message 36 illustrated in FIG. 3 with the addition of the device's credential information.
- a member of the trust domain such as the CA server 26
- This method then continues in the manner described above with reference to FIGS. 2 and 3 for steps 108 , 110 , and 112 .
- the new device 28 may use its preloaded credential information to secure a first communication link with a CA server 26 and then request entry into a trust domain to receive a new service.
- the new device 28 may establish a secure wired or wireless communication link with a CA server 26 using its preloaded credential; step 126 , messages 52 .
- the new device 28 may then request registration for the new service; step 128 , message 54 .
- the CA server 26 may confirm the credential of the new device 28 , step 130 .
- the CA server 26 may send an instruction to the new device 28 and another device within the trust domain including the new service, such as the terminal 12 , to enter into a close range communication link; step 132 , messages 56 a and 56 b .
- a user of the new device 28 (and/or a user of the terminal 12 ) receiving the instruction to establish a close range communication link may then bring the device into close proximity with the terminal 12 ; step 100 , messages 34 .
- the new device 28 may send a registration request to the terminal 12 over the close range communication link; step 102 , message 36 .
- the terminal 12 may then forward a confirmation message to the CA server 26 indicating that a proximity event has occurred with the new device 28 ; step 115 , message 58 .
- the CA server 26 may provide the credential to be used by the new device 28 to the terminal 12 ; step 122 , message 60 .
- the method and messages proceed substantially as described above with reference to FIGS. 4 and 5 to extend the trust domain to include the new device 28 .
- the methods and systems described herein may be used to extend a trust domain from a CA server 26 to a first device 29 and then on to a second device 28 (and so on).
- a first mobile device 29 may be brought into close proximity with the CA server 26 in order to establish a close range communication link; step 100 a , messages 34 a .
- the first device 29 may request registration with the CA server 26 , step 102 a and message 36 a , and in response the CA server 26 sends a credential and challenge message, step 106 a and message 38 a .
- the trust server 26 may send the credential and challenge message, step 106 a , message 38 a , without prompting from the first device 29 , relying instead upon the establishment of a close range communication link, step 100 a .
- the first mobile device 29 stores the credential, calculates a response to the challenge request, and transmits the challenge response back to the trust server 26 ; step 108 a , message 40 a .
- the trust server 26 verifies that the challenge response is valid, test 110 a , repeating the step of sending the credential and challenge request, step 106 a , if the response is not valid.
- the process of requesting registration, sending credentials, confirming that credentials were properly received and commencing secure communications over the trust domain communication link, steps 102 b through 112 , then proceeds in a manner substantially the same as the similarly labeled steps described above with reference to FIGS. 2 and 3 .
- This embodiment has a number of useful applications for distributing credentials using a mobile device 29 as a means for linking a number of other devices into the trust domain.
- the CA server 26 may issue a new credential when a new device 28 requests to join the trust domain. This embodiment may be useful when the entry of the new device 28 requires a different level of security or there is a need to avoid disclosing the previous credential to the new device 28 .
- a new device 28 seeks to join a trust domain by establishing a close range communication link, step 100 and messages 34 , and transmitting a registration request to a member of the trust domain, step 102 and message 36 , in a manner similar to those described above with reference to FIGS. 4 and 5 .
- a member device (e.g., terminal 12 or mobile device 29 ) receiving a registration request from the new device 28 passes the request on to a CA server 26 ; step 114 and message 44 .
- the CA server 26 may generate a new credential to be used to establish the trust domain, step 134 .
- This new credential(s) will replace the present credential(s) used by members of the trust domain so that the new device 28 can be admitted to the trust domain.
- the CA server 26 sends the new credential along with a challenge request to each member of the trust domain, step 106 a and message 62 .
- FIG. 11 shows the delivery of new credential information being passed from the CA server 26 to a member of the trust domain, such as the terminal 12 , but the new credential may also be passed from one member to the next in a manner similar to that described above with reference to FIGS. 9 and 10 .
- each device receiving a new credential stores the credential, calculates an appropriate response to the challenge request and transmits that challenge response back to the device which provided the credential; step 108 a and message 64 .
- the challenge response is checked for validity, test 110 a , so that if the credential was not properly delivered it can be retransmitted, step 106 a . Since the members of the trust domain already have secure communications established, the transmission of the new credential can be made using that link, as shown in FIG. 12 , without the need to establish close range communication links between each pair of devices within the trust domain. While FIGS. 11 and 12 illustrate passing credentials to only a single member of the trust domain, the various steps may be repeated until all members of the trust domain have received the new credential.
- one of the members of the trust domain can pass the credential on to the new device 28 using the established close range communication link. This can be accomplished in steps 106 b - 112 and messages 38 and 40 in a manner substantially the same as described above with reference to FIGS. 9 and 10 for like numbered steps and messages.
- the user of the new device 28 may be prompted to enter an identifying credential, such as a password or a biometric identifier, in order to confirm the user's identity or prior authorization to join the trust domain.
- Such a prompt may be generated as part of the process of establishing the close range communication link, step 100 , and may be presented to the user on a display of the new device 28 . If the user is prompted to enter a password, the user may do so by using a keypad or keyboard on the new device 28 .
- the user may use a biometric sensor on the new device 28 to enable the new device to obtain biometric information that it can forward to the requesting device.
- the new device 28 may include a finger print scanner 179 (see FIG. 15 ) enabling the user to provide a finger print image or scan as a biometric identifier.
- the user may speak a password phrase into a microphone of the new device 28 in order to provide a voice print or audio file suitable for voice print identification. Other biometric credentials may also be used.
- the user identifier information may be passed to the requesting device within the trust domain via the close range communication link 4 as part of the registration request, step 102 and message 36 , or as a separate step and message (not shown).
- a CA server 26 can confirm the user's identity based upon a password, by comparing the received password to a list of passwords assigned to individuals authorized to register with a trust domain.
- a CA server 26 can confirm the user's identity based upon biometric data, by comparing the received biometric data to biometric data of individuals authorized to register with a trust domain.
- a proximity event may also be used as part of the process of removing a device from a trust domain.
- a mobile device 28 that is a member of the trust domain is able to engage in secure communications over the wired or wireless communication link enabled by the domain encryption credentials, step 134 and messages 66 .
- a user may bring the device in close proximity to another member of the trust domain, such as the terminal 12 , which automatically causes the establishment of a close range communication link; step 136 and messages 68 .
- the mobile device 28 may then send a message via the close range communication link to the terminal 12 announcing a desire to leave the trust domain; step 138 and message 70 .
- the terminal 12 may send messages via the trust domain communication link informing other members of the trust domain that the mobile device 28 is about to depart, step 140 .
- the terminal 12 may also receive confirmation from the CA server 26 that departure of the mobile device 28 is permissible.
- the terminal 12 may send a message to the departing mobile device 28 confirming or acknowledging that the departure request has been received; step 142 and message 72 .
- the mobile device 28 may delete the key credential, step 144 , thereby taking itself out of the trust domain.
- the CA server 26 may want to transmit a new credential to remaining members within the trust domain in order to ensure that the departing mobile device 28 is not able to reestablish secure communications without repeating the credential deployment methods of the various embodiments.
- the indication of a desire to leave the trust domain may be transmitted to other members of the trust domain by the leaving mobile device 28 using the secure communication link.
- the desire to leave the trust domain may then be communicated by the leaving mobile device 28 to the terminal 12 using the close range communication link 4 .
- the terminal 12 can then inform the rest of the trust domain that the first mobile device 28 is no longer a member of the group.
- Including a step of creating a close range communication link in order to remove a device from a trust domain provides an added layer of security in the form of a physical movement (i.e., bringing the departing device into close proximity with the terminal 12 ). This added step reduces the chance that devices are inadvertently dropped from a trust domain.
- devices may also exit a trust domain by being turned off or transmitting messages communicating a desire to leave the domain via the established trust domain communication link.
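Credential replacement, both when a new device is admitted under a fresh credential (step 134 in the joining flow) and when a device departs, as an added sketch that is not code from the patent. The HMAC-SHA256 challenge response, the in-memory member objects standing in for the secured trust domain link, and all names are assumptions.

```python
import hashlib
import hmac
import secrets


def answer(credential: bytes, challenge: bytes) -> bytes:
    # Assumed challenge-response construction; the page leaves it unspecified.
    return hmac.new(credential, challenge, hashlib.sha256).digest()


class Member:
    def __init__(self, name: str, credential: bytes):
        self.name = name
        self.credential = credential

    def receive_new_credential(self, credential: bytes, challenge: bytes) -> bytes:
        # Store the new credential, then answer the challenge with it.
        self.credential = credential
        return answer(self.credential, challenge)

    def leave(self) -> None:
        # Step 144: the departing device deletes its key credential.
        self.credential = None


class CAServer:
    def __init__(self):
        self.credential = secrets.token_bytes(32)
        self.members = {}

    def enroll(self, name: str) -> Member:
        member = Member(name, self.credential)
        self.members[name] = member
        return member

    def rotate(self) -> list:
        """Issue a new credential to every current member; return who confirmed it."""
        new_credential = secrets.token_bytes(32)
        confirmed = []
        for name, member in self.members.items():
            challenge = secrets.token_bytes(16)
            response = member.receive_new_credential(new_credential, challenge)
            if hmac.compare_digest(response, answer(new_credential, challenge)):
                confirmed.append(name)
        self.credential = new_credential
        return confirmed

    def admit_with_new_credential(self, name: str):
        """Rotate first, so the newcomer never learns the previous credential."""
        previous = self.credential
        self.rotate()
        return self.enroll(name), previous

    def remove(self, name: str) -> bytes:
        """Drop a member and rotate; return the credential it held before leaving."""
        departed = self.members.pop(name)
        stale = departed.credential  # what a device that skips step 144 would keep
        departed.leave()
        self.rotate()
        return stale

    def still_valid(self, credential: bytes) -> bool:
        """Would a device holding `credential` pass a fresh challenge?"""
        challenge = secrets.token_bytes(16)
        return hmac.compare_digest(answer(credential, challenge),
                                   answer(self.credential, challenge))


if __name__ == "__main__":
    ca = CAServer()
    ca.enroll("terminal-12")  # constructed sample names
    ca.enroll("device-29")
    ca.enroll("device-28")
    stale = ca.remove("device-28")
    print("stale credential still accepted:", ca.still_valid(stale))
```

Deleting the credential on the departing device depends on that device cooperating; the rotation is what makes a retained copy useless to it.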
- the embodiments described above may be implemented on any of a variety of mobile handsets, such as, for example, laptop computers, cellular telephones, personal data assistants (PDA) with cellular telephone, mobile electronic mail receivers, mobile web access devices, and other processor-equipped devices that may be developed in the future that connect to a wireless network.
- mobile handsets will have in common the components illustrated in FIG. 15 .
- the mobile handset 170 may include a processor 171 coupled to internal memory 172 and a display 173 .
- the mobile handset 170 will have an antenna 174 for sending and receiving electromagnetic radiation that is connected to a wireless data link and/or cellular telephone transceiver 175 coupled to the processor 171 .
- the transceiver 175 and portions of the processor 171 and memory 172 used for cellular telephone communications are referred to as the air interface since they provide a data interface via a wireless data link.
- the mobile handset 170 will include a close range transceiver 178 capable of establishing and communicating a close range communication link, such as using one of the near field communication protocols.
- the mobile handset 170 will include biometric sensors, such as a finger print scanner 179 that can obtain a biometric image of a user and pass the data to the processor 171 .
- Mobile handsets typically include a key pad 176 or miniature keyboard and menu selection buttons or rocker switches 177 for receiving user inputs.
- a personal computer 180 illustrated in FIG. 16 processor-equipped components (e.g., an IV pump 214 or an ECG monitor 216 shown in FIG. 18 ), and other smart devices.
- a personal computer 180 typically includes a processor 181 coupled to memory 182 and a large capacity memory, such as a disk drive 183 .
- the computer 180 may also include a network connection circuit 184 for coupling the processor to a wired network.
- the computer 180 may include a medium to long range wireless transceiver 185 such as a WiFi or BlueTooth® transceiver coupled to the processor 181 for transmitting and receiving data via a wireless data network.
- the computer 180 used in the various embodiments includes a close range communication transceiver 188 which is configured to send and receive data over a very short range wireless data link.
- the close range communication transceiver 188 may be an NFC protocol transceiver or an RFID reader. So configured, the computer 180 can establish close range communication links with other devices, such as the mobile device 170 shown in FIG. 15 , in order to accomplish the methods of the various embodiments.
- a server 190 typically includes a processor 191 coupled to memory 192 and a large capacity memory, such as a disk drive 193 .
- the server 190 may also include a plurality of network connection circuits 194 a - 194 d for coupling the processor to a wired network, such as the Internet.
- the server 190 may also include a medium-to-long range wireless transceiver 195 such as a WiFi transceiver coupled to the processor 191 for transmitting and receiving data via a wireless data network.
- the server 190 optionally may include a close range communication transceiver 198 which is configured to send and receive data over a very short range wireless data link.
- the close range communication transceiver 198 may be an NFC protocol transceiver or an RFID reader. So configured, the server 190 can establish close range communication links with other devices, such as the mobile device 180 shown in FIG. 15 or the computer 180 shown in FIG. 16 , in order to accomplish the methods of the various embodiments.
- FIG. 18 shows a sensor, data collection and database system that may be employed within a hospital, such as in an intensive care unit.
- the various embodiments enable the creation of virtual cables (referred to herein as “V-cables”) to link various medical devices to a network using flexible wireless communication links, thereby replacing cables presently used to communicate data from devices to monitors to data collection nodes.
- Such a system may include a patient monitoring computer 212 containing components described above with reference to FIG. 16 that is configured to communicate with a medium range wireless data link 222 , such as a BlueTooth® protocol data link, as well as a close range communication link 224 .
- the patient monitoring computer 212 may be equipped with a long-range wireless transceiver able to communicate via a long-range wireless data link 226 , such as a WiFi data link in order to connect to a hospital mainframe computer 220 .
- the patient monitoring computer may be coupled to the hospital mainframe computer 220 by a wired network 224 .
- certain patient monitoring equipment such as an intravenous (IV) pump 214 and an electrocardiogram (ECG) monitor 216 .
- patient monitoring equipment 214 , 216 will typically include a processor A coupled to a memory D, a medium range wireless transceiver B, and a close range wireless transceiver C.
- each medical device will be able to establish the close range communication link 224 employed in the various embodiments in order to receive credential information sufficient to establish secure communication via the medium range wireless network 222 .
- the various embodiments may further be used to communicate patient data from sensors, such as a portable electrode 218 using both the medium range wireless network 222 and the close range communication link 224 employed in the various embodiments.
- a virtual cable connector 200 may be used to connect such devices to the patient monitor computer 212 . More details regarding the virtual cable connector 200 are provided below with reference to FIG. 20 .
- the patient monitor computer 212 may be turned on and logged into the hospital's network and mainframe computer 220 , step 250 .
- the hospital mainframe computer 220 may send credential information to the patient monitor computer 212 along with any seed data used for encrypting wireless transmissions, step 252 .
- the monitor may be brought into close proximity to the computer to establish a close range communication link and receive credential information as described in the foregoing embodiments, step 254 .
- each ECG sensor 218 may be configured to send data to the ECG monitor 216 simply by touching each sensor 218 to the monitor, step 260 .
- Proper operation of the ECG sensor-to-monitor data link may be confirmed, step 262 , with the process repeated if necessary, step 264 .
- the IV pump 214 can be coupled to the patient monitor computer 212 simply by bringing it into close proximity with the computer, step 266 .
- the pump-to-computer data link may be confirmed, step 268 , and the process repeated if necessary, step 270 . This process of touching to connect various medical devices may continue until all devices have been linked to the patient monitor computer 212 . At that point, patient monitoring using the system illustrated in FIG. 18 may begin, step 272 .
- each medical device includes both close range wireless (e.g., NFC) and medium range wireless (e.g., BlueTooth®) transceivers.
- the system may also be implemented with medical devices that are configured for conventional cable connections by using a V-cable connector 200 , an example of which is illustrated in FIG. 20 .
- a V-cable connector 200 may include a processor 201 coupled to memory 202 and a power supply, such as a battery 203 .
- the V-cable connector 200 may include a medium-range transceiver 205 coupled to the processor 201 and an antenna 204 configured to establish medium-range wireless communications, such as using the BlueTooth® protocol.
- the V-cable connector 200 may include a close range communication transceiver 208 connected to the processor 201 and an antenna 209 .
- the close range transceiver 208 may be an RFID device or an NFC protocol transceiver.
- the V-cable connector 200 may include a connector plug 206 coupled to the connector via a coaxial cable 207 .
- the connector plug 206 is configured to match the standard plug configuration of cables used to connect medical devices together and to a patient monitor computer 212 .
- the V-cable connector 200 may be enclosed within a housing 210 to provide a unitary device that can simply be plugged into the cable port of medical devices just as if it were a cable.
- the processor 201 may be configured with software instructions, which may be stored in the memory 202 , to cause the processor to operate the transceivers 205 , 208 to perform steps according to the various embodiments. So configured, the V-cable connector 200 includes all of the communication elements needed to be able to connect one mobile device to another device having a V-cable connector 200 or internal transceivers using secure wireless communication networks as if the connection was made by a cable.
- the operation of the hospital system using V-cable connectors 200 can be appreciated by considering an example of steps required to assemble the system in order to monitor a new patient.
- the patient monitor computer 212 may be turned on and logged into the hospital's network and mainframe computer 220 , step 250 .
- the hospital mainframe computer 220 may send credential information to the patient monitor computer 212 along with any seed data used for encrypting wireless transmissions, step 252 .
- one connector is touched to the patient monitor computer 212 to establish a close range communication link 222 in order to receive credential information, step 280 .
- the connector-to-computer data link may be confirmed, step 282 , and the process repeated if necessary, step 284 .
- the V-cable connector 200 is plugged into a medical device, such as an ECG monitor 216 , step 286 .
- an equal number of V-cable connectors 200 are plugged into the ECG monitor 216 , step 288 .
- the ECG sensors 218 are equipped with wireless transceivers, as illustrated in FIG. 18 , the sensors can be linked to the ECG monitor 216 by touching each sensor 218 to a respective one of the V-cable connectors 200 plugged into the ECG Monitor 216 , step 290 .
- the sensor-to-connector data link may be confirmed, step 292 , and the process repeated if necessary, step 294 .
- the IV pump can be similarly connected to the patient monitor computer 212 by touching a V-cable connector 200 to the computer, step 296 , verifying the connector-to-computer data link, step 298 (and repeating the process if necessary step 300 ) and then plugging the V-cable connector 200 into the IV pump, step 302 .
- patient monitoring can begin, step 272 .
- the various embodiments can enable a variety of other applications for using virtual cables to quickly and simply replace physical cables.
- the use of encryption credentials with the medium-to-long range communication link will prevent interference by other V-cable connections as well as protect data from eavesdropping just as physical cables will do.
- the process for establishing such ad hoc trust domains can be simplified to the intuitive process of simply touching components and virtual connectors together in order to establish the desired data link and security arrangement.
- the processor 171 , 181 , 191 and 201 may be any programmable microprocessor, microcomputer or multiple processor chip or chips that can be configured by software instructions (applications) to perform a variety of functions, including the functions of the various embodiments described above.
- multiple processors 171 , 181 , 191 , 201 may be provided, such as one processor dedicated to wireless communication functions and one processor dedicated to running other applications.
- software applications may be stored in the internal memory 172 , 182 , 192 , 202 before they are accessed and loaded into the processor 171 , 181 , 191 , 201 .
- the processor 171 , 181 , 191 , 201 may include internal memory sufficient to store the application software instructions.
- memory refers to all memory accessible by the processor 171 , 181 , 191 , 201 , including internal memory 172 , 182 , 192 , 202 and memory within the processor 171 , 181 , 191 , 201 itself.
- User data files are typically stored in the memory 172 , 182 , 192 , 202 .
- the memory 172 , 182 , 192 , 202 may be a volatile or nonvolatile memory, such as flash memory, or a mixture of both.
- the functions described may be implemented in hardware, software, firmware, or any combination thereof. If implemented in software, the functions may be stored or transmitted as one or more instructions or codes on a computer-readable medium.
- Computer-readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another.
- a storage media may be any available media that can be accessed by a computer.
- such computer-readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
- any connection is properly termed a computer-readable medium.
- the software is transmitted from a website, server, or other remote source using a coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave
- the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of medium.
- Disk and disc includes compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk and blu-ray disc where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.
Abstract
Description
- The present application claims the benefit of priority to U.S. Provisional Patent Application No. 60/891,230 filed Feb. 23, 2008 entitled “Method and Apparatus to Deploy Dynamic Credential Infrastructure Based on Proximity,” the entire contents of which are hereby incorporated by reference.
- The present invention relates generally to computer network communications, and more specifically to methods for deploying dynamic credential infrastructure based on proximity.
- As the amount of commerce continues to increase over networks, such as the Internet, security becomes a much larger issue. Unfortunately, the protocols underlying the Internet, such as TCP/IP (Transmission Control Protocol/Internet Protocol), were not designed to provide secure data transmission. The Internet was originally designed with the academic and scientific communities in mind, and it was assumed that the users of the network would be working in non-adversarial, cooperative manners. As the Internet began to expand into a public network, usage outside these communities was relatively limited, with most of the new users located in large corporations. These corporations had the computing facilities to protect their users' data with various security procedures, such as firewalls, that did not require security to be built into the Internet itself. In the past several years, however, Internet usage has skyrocketed. Millions of people now use the Internet and the Web on a regular basis. (Hereinafter, the terms “Internet” and “Web” are used synonymously unless otherwise indicated.) These users perform a wide variety of tasks, from exchanging electronic mail messages to searching for information to performing business transactions. These users may be accessing the Internet from home, from their cellular phone, or from a number of other environments where security procedures are not commonly available.
- To support the growth of business on the Internet, often referred to as “electronic commerce” or simply “e-commerce,” easily-accessible and inexpensive security procedures had to be developed. A first commonly used security measure involves a Public Key Infrastructure (hereinafter “PKI”). PKI utilizes certificates as a basis for a security infrastructure. Certificates utilize public keys and third party verification entities to allow servers to decode client transmissions and authenticate the client's identity. In operation, a first node in a network can encrypt a message with its own private key. The message can be read by a second node with the first node's public key. A public key can only be used to decrypt messages created by the private key and cannot be used to encrypt messages. Thus, the first node is free to distribute its public key. One way in which public keys are distributed is by including them in certificates. There are a number of standards for certificates including the X.509 standard, which defines a standard format for certificates. X.509 is an ITU Recommendation and International Standard that defines a framework for providing authentication. (See “ITU Recommendation X.509 (1997) Information Technology—Open Systems Interconnection—The Directory: “Authentication Framework”, dated November 1993. This information is also published in International Standard ISO/IEC 9594-8 (1995).) A certificate format is defined in this standard. Certificates created according to this international standard, in the defined format, are referred to as “X.509 certificates.”
- In the various embodiments, methods, systems and devices are provided for deploying dynamic credential infrastructure based on proximity. The embodiments include establishing a close range or near field communications link and sending credentialed information across that communications link. The identity of a user may be verified using another separate credential, such as a password or biometric data. A variety of wireless proximity-limited communication technologies may be used for mobile devices (e.g., cell phones, PDAs, and other wireless devices) to establish a peer-to-peer (P2P) data link. After the P2P link has been configured with wireless proximity-limited communication, security credential information can be communicated via that link that can be used to secure or authenticate another wireless communication technology, such as BlueTooth® or Wi-Fi, that can be used for longer-range communication or for transferring larger amounts of data. Since wireless proximity-limited communication technologies are limited to short ranges, this self establishing wireless communication link provides an intuitive mechanism for users to authenticate mobile devices prior to or during transfer of credential information by bringing two or more mobile devices into close proximity.
- The accompanying drawings, which are incorporated herein and constitute part of this specification, illustrate exemplary embodiments of the invention, and together with the general description given above and the detailed description given below, serve to explain the features of the invention.
- FIG. 1 is a system block diagram of wireless cellular network which includes short-range wireless communication implemented on a number of mobile devices.
- FIG. 2 is a process flow diagram of an embodiment method suitable for joining a device to a trust domain.
- FIG. is a message flow diagram of the embodiment for establishing a trust domain illustrated in FIG. 2.
- FIG. 4 is a process flow diagram of another embodiment method suitable for establishing a trust domain.
- FIG. 5 is a message flow diagram of the embodiment for establishing a trust domain illustrated in FIG. 4.
- FIG. 6 is a process flow diagram of another embodiment method suitable for establishing a trust domain.
- FIG. 7 is a process flow diagram of another embodiment method suitable for establishing a trust domain.
- FIG. 8 is a message flow diagram of the embodiment for establishing a trust domain illustrated in FIG. 7.
- FIG. 9 is a process flow diagram of an embodiment method suitable for establishing a trust domain among a number of devices.
- FIG. 10 is a message flow diagram of the embodiment for establishing a trust domain illustrated in FIG. 9.
- FIG. 11 is a process flow diagram of another embodiment method suitable for establishing a trust domain.
- FIG. 12 is a message flow diagram of the embodiment for establishing a trust domain illustrated in FIG. 11.
- FIG. 13 is a process flow diagram of an embodiment method suitable for removing a device from a trust domain.
- FIG. 14 is a message flow diagram of the embodiment for removing a device from a trust domain illustrated in FIG. 13.
- FIG. 15 is a circuit block diagram of an example mobile device suitable for use with the various embodiments.
- FIG. 16 is a circuit block diagram of an example computer or other programmed device suitable for use with the various embodiments.
- FIG. 17 is a circuit block diagram of an example server suitable for use with the various embodiments.
- FIG. 18 is a system block diagram of a wireless patient monitoring system according to an embodiment.
- FIG. 19 is a process flow diagram of an embodiment method suitable for connecting components within the patient monitoring system shown in FIG. 18.
- FIG. 20 is a circuit block diagram of an example virtual cable connector device suitable for use with the various embodiments.
- FIG. 21 is a process flow diagram of an embodiment method suitable for connecting components within the patient monitoring system shown in FIG. 18 using the virtual cable connector device shown in FIG. 20.
- The various embodiments will be described in detail with reference to the accompanying drawings. Wherever possible, the same reference numbers will be used throughout the drawings to refer to the same or like parts. References made to particular examples and implementations are for illustrative purposes, and are not intended to limit the scope of the invention or the claims.
- The word “exemplary” is used herein to mean “serving as an example, instance, or illustration.” Any implementation described herein as “exemplary” is not necessarily to be construed as preferred or advantageous over other implementations.
- As used herein, the terms “mobile device” and “handheld device” refer to any one or all of cellular telephones, personal data assistants (PDA's), palm-top computers, wireless electronic mail receivers and cellular telephone receivers (e.g., the Blackberry® and Treo® devices), multimedia Internet enabled cellular telephones (e.g., the iPhone®), and similar personal electronic devices which include a programmable processor and memory, a close range communication transceiver and another communication transceiver capable of connecting to a wireless network. As used herein, the terms “device,” “communication device,” “wireless device,” and “wireless communications device,” are used interchangeably to refer to electronic devices which include a close range communication transceiver, a second transceiver (which may be wired or wireless) and a processor coupled to the two transceivers which is configured with software instructions to participate in the embodiment systems and perform some steps of the embodiment methods. Some examples of suitable devices are described in more detail below with reference to FIGS. 1, 15-17 and 20, but the terms are intended to be interpreted broadly as the embodiments are applicable to a broad range of applications and implementations beyond those of the example embodiments. Although some embodiments refer to cellular telephone network systems including cell towers of such networks, the scope of the present invention and the claims encompasses any wired or wireless communication system, including for example, Ethernet, WiFi, WiMax, and other wireless data network communication technologies.
- As used herein, the term “trust domain” refers to a set of devices in possession of common or related credentials such that the devices can “trust” each other to share confidential information and exchange communications in a secure manner. An example of a trust domain is a pair (or more) of devices sharing a set of X.509 certificates signed by the same Certificate Authority (CA), i.e. a PKI. Another example of a trust domain is a pair (or more) of devices sharing symmetric credentials. To extend a trust domain to another device, the receiving device needs to be verified as a valid new member, and the credentials need to be exchanged securely.
- The various embodiments make use of wireless proximity-limited communication technologies to impose the need to bring two electronic devices to authenticate and then exchange credential information such as digital certificates, encryption keys, and other credential data as may be used to deploy credential infrastructure (such as PKIs) for secure wired or wireless communication between two or more devices. A variety of wireless proximity-limited communication technologies may be used for this purpose. For example, near-field communications (NFC) protocol technologies may be used. NFC technology devices operate in the unregulated RF band of 13.56 MHz and fully comply with existing contactless smart-card technologies, standards, and protocols such as FeliCa and Mifare. NFC-enabled devices are interoperable with contactless smart-cards and smart-card readers conforming to these protocols. The effective range of NFC protocol communications is approximately 0-20 cm (up to 8 in.) and data communications terminates either by a command from an application using the link or when the communicating devices move out of range.
- Evolving from a combination of contactless, identification and networking technologies, the NFC protocols are short-range wireless connectivity standards. A number of international standards have been established for NFC protocols, including for example: ISO/IEC 14443; ISO/IEC 15693; ISO/IEC 18092; ISO/IEC 21481; ISO/IEC 22536; ISO/IEC 23917; ISO/IEC DIS 28361; ECMA-340, referred to as NFCIP-1; ECMA-352, referred to as NFCIP-2; ECMA-356; ECMA-362; ECMA-373; ECMA/TC32-TG19/2006/057; NFC-WI; and NFC-FEC.
- However, the embodiments and the claims are not necessarily limited to any one or all of the NFC protocols, and instead may encompass any close range (i.e., proximity-limited) wireless communication link. Any wireless proximity-limited communication technology may be used in some of the embodiments. In addition to the NFC protocols listed above, wireless proximity-limited communication links may be established using other close range communication media, including for example radiofrequency identification (RFID) tags and the IrDA (Infrared Data Association) protocol. Also, other close range wireless protocols and standards may be developed and may be used in the various embodiments in the same manner as NFC protocol devices. Further, longer range wireless technologies and protocols may be used with modifications or additions that limit their effective range for purposes of identifying electronic devices one to another. For example, WiFi, BlueTooth® (which communicates using the 2.4 GHz frequency band), UWB (Ultra Wideband), IEEE 802.15.4, and Zigbee® wireless communication protocols and standards may also be used in combination with range-limiting features. For example, the power of transmitters may be limited for authentication communications, such that two devices must be relatively close together (e.g., within a few feet of each other) in order to send and receive the communications. As another example, round-trip communication delay limits may be imposed such that authentication communications can only occur if the round trip of such signals is less than a threshold set to reject signals sent from more than a dozen feet or so, which may be as short as two to three feet separation.
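The round-trip delay limit described above, as an added Python sketch that is not code from the patent: it turns several round-trip measurements into a worst-case distance and refuses authentication traffic beyond the limit. The 3.66 m limit restates "a dozen feet"; the responder turnaround time, the timer resolution parameter and the sample timings are assumptions constructed for illustration.

```python
from dataclasses import dataclass

C_M_PER_NS = 0.299792458   # speed of light in metres per nanosecond
LIMIT_M = 3.66             # "a dozen feet or so" from the text, in metres


@dataclass
class GateDecision:
    accept: bool
    bound_m: float   # worst-case distance consistent with the measurements
    reason: str


def distance_bound_m(rtt_samples_ns, turnaround_ns, clock_res_ns):
    """Upper bound on one-way distance from several round-trip samples.

    Queueing and retries only add delay, so the smallest sample is the best
    estimate of flight time. The timer may under-read by up to one tick, so
    one tick is added before converting time to distance.
    turnaround_ns (assumption) must be a lower bound that the responder
    hardware guarantees; over-estimating it makes the bound too small.
    """
    if not rtt_samples_ns:
        raise ValueError("need at least one round-trip sample")
    flight_ns = min(rtt_samples_ns) + clock_res_ns - turnaround_ns
    return max(flight_ns, 0.0) * C_M_PER_NS / 2


def proximity_gate(rtt_samples_ns, turnaround_ns, clock_res_ns, limit_m=LIMIT_M):
    """Decide whether authentication messages may be exchanged with this peer."""
    # One timer tick corresponds to this much distance; if that already
    # exceeds the limit, the threshold cannot be enforced at all.
    floor_m = clock_res_ns * C_M_PER_NS / 2
    if floor_m > limit_m:
        return GateDecision(False, floor_m, "timer too coarse to enforce this limit")
    bound = distance_bound_m(rtt_samples_ns, turnaround_ns, clock_res_ns)
    if bound > limit_m:
        return GateDecision(False, bound, "round trip exceeds proximity threshold")
    return GateDecision(True, bound, "within proximity threshold")


if __name__ == "__main__":
    # Constructed timings: 1000 ns turnaround, 1 ns timer resolution.
    print(proximity_gate([1012, 1015, 1020], 1000, 1))   # about 1.9 m
    print(proximity_gate([1040, 1055], 1000, 1))         # about 6.1 m
    print(proximity_gate([1012], 1000, 1000))            # 1 microsecond timer
```

A twelve-foot limit corresponds to roughly 24 ns of round-trip flight time, so the check is only meaningful on hardware that timestamps at nanosecond scale.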
- With the increased adoption of radio frequency identification (RFID) contactless smart-cards, which support a broad range of applications such as access, payment, and ticketing, and the commercial availability of NFC protocol devices such as cell phones, the convergence of mobile devices with RFID is gaining interest.
- For simplicity of reference, the various embodiments and the claims refer to “close range communications” and “near field communications” in order to encompass any and all wireless proximity-limited communication technologies. References herein to “close range communication links” (CRCL) and “near field communications” are not intended to limit the scope of the description or the claims in any way other than the communications technology will not exchange credential information beyond about three meters (about twelve feet). In a preferred embodiment, the communication range is limited to less than about one meter (about three feet), in a further preferred embodiment, the communication range is limited to less than about one foot, and in some embodiments the communication range is limited to approximately 0-20 cm (up to 8 in.). In order to reflect this distinction, descriptions of embodiments using links with communication ranges of approximately 0-20 cm (up to 8 in.) refer to “NFC protocol” links. Therefore, references to “near field communication protocol” and “NFC protocol” communications are intended to be limited to communications transceivers and technologies with ranges provided by the various NFC protocols and standards listed above, but may also include RFID transceivers and technologies with a similarly limited communication range.
- With close range communications like NFC protocol devices it is possible to connect any two devices to each other to exchange information or access content and services—easily and securely. Solution vendors argue that the intuitive operation of NFC protocol systems makes the technology particularly easy for consumers to use (“just touch and go”), while the inherent security resulting from its very short communication range makes such systems ideal for mobile payment and financial transaction applications. Familiar applications of NFC protocol technology are electronic pass keys used in building security systems, mass transit fare card systems, and smart credit cards which need only to be brought close to a point of sale reader to complete a transaction.
- As mobile devices and consumer electronic devices become more capable and many services can be provisioned post-sale, scalable methods of deploying credentialed infrastructure (such as PKIs) and similar credential post-production are becoming increasingly important. The exchange of credential information can be handled using a variety of proven methods, which can involve complex protections to prevent eavesdropping, counterfeiting and misappropriation. However, there are times when two devices can be placed in close proximity to allow users to be inherently trusted (i.e. correct device behavior is in the user's interest), or the proximity condition is established in a trusted environment (e.g. at a teller station in a bank), or additional credentials are used to allow the extension of a trust domain to a new device. Thus, the various embodiments provide simpler systems and methods to extend a trust domain of an existing credentialed infrastructure by leveraging the inherent security afforded by proximity.
- In overview, the various embodiments leverage close range communications to exchange credential information in order to ensure physical awareness prior to creating or extending a trust domain. The use of close range near-field communication technology establishes physical awareness between a device already in a trust domain and a new device to be added, as the devices need to be in close contact (e.g., within about 8 inches with NFC protocol devices). Upon such a proximity event, a device within the trust domain uses a wireless protocol to send credential information to the new device. While close range communications and NFC protocol links allow credentials to be exchanged in the clear with minimal risk of interception or interference, integrity-protected and/or confidentiality-protected communications may also be used depending on the implementation. NFC protocol technologies are limited to such short ranges that users must touch or nearly touch two devices together to establish the communication link. This physical action, referred to herein as a proximity event, thus provides an intuitive mechanism for establishing a peer-to-peer (P2P) wireless communication link; if users want to join a new device to a trust domain, they merely touch the new device to a member of the trust domain. In the various embodiments, this touch-to-communicate mechanism is leveraged to provide an intuitive means for users to authenticate mobile devices to one another prior to or while exchanging credential data. Once the two (or more) devices establish a close range P2P link and exchange credential data, longer range wireless (or wired) network secured and trusted communications can be established using the credential infrastructure. In addition to adding a layer of security, the various methods obviate the need for involved security and authentication protocols to form or add members to a trust group. The limited range of close range P2P links makes them generally invulnerable to eavesdropping and avoids issues of unwanted devices attempting to hack into trusted communications via long range wireless links.
- As part of or in addition to exchanging credential information, the short-range communication link may also be used to exchange information required to establish the second wired or wireless communication link that is used by the trust domain. For example, the two devices may exchange address and device identifier information necessary to enable immediately establishing a BlueTooth® wireless data link with no further synchronization activity or user action. As another example, the two devices may exchange Internet protocol (IP) or local area network address information to enable communication via WiFi wireless or Ethernet-based networks. In this manner, the proximity event ensures that the two devices are able to communicate securely without requiring any further user action. Thus, the various embodiments enable users to initiate secure trust domain communications merely by bringing two or more devices into close proximity.
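The touch-to-join flow described above, which is also the pump-to-computer step of the hospital example, as an added Python simulation that is not code from the patent. A proximity event hands over a symmetric trust-domain credential plus link addresses, and the longer-range link is then admitted only after both sides prove possession of that credential. The device names, addresses and the HMAC-SHA256 challenge-response used on the second link are assumptions; the patent does not specify that handshake.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

NFC_RANGE_M = 0.20   # the text gives roughly 0-20 cm for NFC protocol links


class OutOfRange(Exception):
    """The close range communication link could not be established."""


@dataclass
class Device:
    name: str
    address: str                          # constructed medium-range address
    domain_key: Optional[bytes] = None    # symmetric trust-domain credential
    peers: dict = field(default_factory=dict)   # name -> address, learned by touch


def proximity_event(member: Device, newcomer: Device, distance_m: float) -> None:
    """Close range link: a domain member provisions the newcomer."""
    if member.domain_key is None:
        raise PermissionError(f"{member.name} holds no domain credential")
    if distance_m > NFC_RANGE_M:
        raise OutOfRange(f"{distance_m} m is beyond the close range link")
    # The text allows this hand-over in the clear because of the short range;
    # integrity or confidentiality protection can be layered on top.
    newcomer.domain_key = member.domain_key
    newcomer.peers[member.name] = member.address
    member.peers[newcomer.name] = newcomer.address


def _proof(key: bytes, role: bytes, n_i: bytes, n_r: bytes) -> bytes:
    return hmac.new(key, role + n_i + n_r, hashlib.sha256).digest()


def open_secure_link(initiator: Device, responder: Device) -> Optional[bytes]:
    """Medium-range link: mutual proof of the credential, then a session key.

    Returns 32 bytes of session key, or None when either side cannot prove
    that it holds the trust-domain credential.
    """
    if initiator.domain_key is None or responder.domain_key is None:
        return None
    n_i, n_r = secrets.token_bytes(16), secrets.token_bytes(16)
    # Responder proves possession; initiator checks with its own key copy.
    resp = _proof(responder.domain_key, b"resp", n_i, n_r)
    if not hmac.compare_digest(resp, _proof(initiator.domain_key, b"resp", n_i, n_r)):
        return None
    # Initiator proves possession; responder checks with its own key copy.
    init = _proof(initiator.domain_key, b"init", n_i, n_r)
    if not hmac.compare_digest(init, _proof(responder.domain_key, b"init", n_i, n_r)):
        return None
    return _proof(initiator.domain_key, b"session", n_i, n_r)


def demo() -> dict:
    """Constructed scenario: monitor computer already credentialed (step 252)."""
    computer = Device("patient-monitor-computer", "addr-0001", secrets.token_bytes(32))
    pump = Device("iv-pump", "addr-0002")
    stranger = Device("unprovisioned-device", "addr-0003", secrets.token_bytes(32))
    results = {"before_touch": open_secure_link(pump, computer)}
    try:
        proximity_event(computer, pump, distance_m=3.0)
        results["far_touch"] = "accepted"
    except OutOfRange:
        results["far_touch"] = "rejected"
    proximity_event(computer, pump, distance_m=0.05)   # the touch (step 266)
    results["after_touch"] = open_secure_link(pump, computer)
    results["stranger"] = open_secure_link(stranger, computer)
    results["pump_knows"] = pump.peers.get("patient-monitor-computer")
    return results


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(step, outcome.hex() if isinstance(outcome, bytes) else outcome)
```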
- In an embodiment, a trust domain may utilize a proximity event and the associated close range communication link to accept a new member as a valid device to extend the trust domain to the new member. This may entail user notification. Alternatively, the trust domain may utilize the proximity detection method in conjunction with user confirmation to accept a new member as a valid device to extend the trust domain to the new member. This embodiment is explained in more detail below with reference to FIGS. 2-3.
- In another embodiment, a trust domain utilizes a proximity event and the associated close range communication link plus another separate credential to accept a new member as a valid device to extend the trust domain to the new member. This embodiment may entail passwords, biometric measurements, and other externally provided credentials. This embodiment is explained in more detail below with reference to FIGS. 4-5.
- In another embodiment, a trust domain utilizes a proximity event and the associated close range communication link plus another credential already established on a new device, e.g. a provisioning PKI of the device manufacturer or service provider to verify the origin of the new member, while the proximity condition is used to further authenticate the new device and communicate credentials for a new service. This embodiment is explained in more detail below with reference to FIGS. 6-8.
- In another embodiment, a trust domain utilizes a proximity event and the associated close range communication link of two subsequent devices (such as within a certain time limit) to accept a new member as a valid device and to extend the trust domain to the new member. The first device contact establishes a physically secure environment (e.g. a bank's customer service desk), while the second device contact (i.e., proximity event) establishes a credential to use to establish the trust domain. This embodiment may be useful when the provisioning entity is trusted by a service entity via other non-electronic/non-cryptographic means, e.g. contractually, via ownership, etc. This embodiment is explained in more detail below with reference to FIGS. 9-10.
- In the various embodiments, the set of credentials within the trust domain may be pre-existing when the new member is discovered in a proximity condition. In such circumstances, the trust domain may extend the existing set of credentials to the new device. Alternatively, a member of the trust domain may generate a new set of credentials triggered by the discovery of the new member in a proximity condition. This alternative is explained in more detail below with reference to FIGS. 11-12.
- In the various embodiments, a proximity event may also be used as part of removing a device from a trust domain. This embodiment is explained in more detail below with reference to FIGS. 13-14.
- The various embodiments may be employed in a variety of wired and wireless networks, including for example a wireless network employing cellular data communication links. By way of example,
FIG. 1 shows a block diagram of a trust domain communication network 10 including a cellular network in which some mobile cellular devices have the additional ability to function as readers of close-range wireless communications, such as NFC protocol and RFID communications. The network 10 may include a terminal 12, which in the illustrated system is configured with a network antenna and transceiver for transmitting and receiving cellular signals 2 from/to a cellular base site or base station (BS) 16. The terminal 12 also includes a close range communications transceiver. In this example network 10, the base station 16 is a part of a cellular network that includes elements required to operate the network, such as a mobile switching center (MSC) 18. In operation, the MSC 18 is capable of routing calls and messages to and from the terminal 12 via the base station 16 when the terminal 12 is making and receiving cellular data calls. The MSC 18 also provides a connection to telephone landline trunks (not shown) when the terminal 12 is involved in a call. Further, the MSC can, but need not, be coupled to a server gateway 22 coupled to the Internet 24.
- The
MSC 18 can also be coupled to a network 19 by a wired network connection 1, such as a local area network (LAN), a metropolitan area network (MAN), and/or a wide area network (WAN). The MSC 18 can be coupled to the network 19 directly by a wired network connection 1, or if the system includes a gateway 22 (as shown), the MSC can be coupled to the network 19 via the gateway 22 which has a wired network connection 1 to the network 19. In a typical embodiment, the MSC 18 is coupled to the gateway 22, and the gateway 22 is coupled to the Internet 24. In turn, electronic devices such as a laptop computer 30 (as shown) or any other processing elements (e.g., personal computers, server computers or the like) can be coupled to the terminal 10 via the Internet 24 by way of their own Internet connection 9. In a further embodiment, one or more processing elements associated with a CA server 26 may be coupled to this network 10 by way of the Internet 24.
- In addition to
cellular network communications 2, the terminal 12 may be equipped to communicate with other devices, such as mobile devices local wireless network 3 and a close-range communication link 4. For example, in the FIG. 1 embodiment, the terminal 12 is configured to communicate with a first mobile device 28, a second mobile device 29 and a laptop computer 30, each equipped with an internal NFC protocol transceiver (e.g., an NFCIP-2 transceiver). The terminal 12 is also configured to communicate with these devices area wireless link 3. For example, the terminal 12 may include an NFCIP-2 NFC transceiver and an IEEE 802.11g wireless data network transceiver. Similarly, the mobile devices laptop computer 30 as illustrated are configured with compatible NFC protocol and local area (or wide area) wireless transceivers.
- The close range communication transceivers in the terminal 12 and the
other network devices
- The terminal 12 and
network devices FIG. 1, the second data communication link may be a local area wireless link 3, such as according to the IEEE 802.11g standard. This second data communication link need not be wireless, and can be a wired local area network (not shown), such as a ring token network or an Ethernet network.
- In addition to
mobile devices laptop computers 30, the network 10 may also or alternatively include any of a number of different electronic devices, including other mobile terminals, wireless accessories (e.g., mass storage devices, networked printers, monitors, etc.), portable digital assistants (PDAs), pagers, desk top computers, medical devices, data sensors, and other types of electronic systems.
- FIG. 1 illustrates devices that may be members of a trust domain. For example, a trust domain may be established among the terminal 12, mobile devices laptop computer 30. An example of such a trust domain may be an office networked computer system that uses the terminal 12 as a hub for administering the trust domain. As another example, the trust domain may include mobile devices physician assistant PDAs remote terminals 30 for distributing patient records from and transmitting patient information to a central data processor and communication hub (e.g., terminal 12). In such examples, the trust domain is able to share data within the trusted devices via secure messages transmitted by a wireless data link 3. Such trust domain transmissions may be peer-to-peer links, such as illustrated between mobile device 28 and mobile device 29, or indirect network communications via the terminal 12, such as illustrated between the mobile devices laptop computer 30. Such a trust domain may also communicate with external websites and data sources, such as by the terminal 12 communicating via a cellular data communication link 2 with a base station 16 coupled to the Internet 24, or the laptop computer 30 connected directly to the Internet 24 as illustrated. Similarly, one or more of the mobile devices base station 16, such as by a cellular data communication link 2.
- The architecture illustrated in
FIG. 1 also supports trust domains that include distant elements, such as a server 26 coupled to the Internet 24. For example, a trust domain may be administered by CA server 26 via the Internet 24. Messages intended for the trust domain may be transmitted from the CA server 26 via the Internet 24 to a base station 16 and then to the terminal 12 as illustrated. From terminal 12, the trust domain messages may be rebroadcast via local wireless communication links 3 to the other group members CA server 26 in a reverse manner. Similarly, the trust domain may include computing devices that are beyond the range of the terminal 12, such as a computer coupled to the Internet 24. Messages to and among trust domain members may be directed to each member device using IP addresses and addressing schemes that are well known in the Internet arts.
- While the protocols and methods for communicating to, from and within a trust domain are well known, the various embodiments provide new mechanisms for establishing a trust domain or for joining new members to an existing trust domain. By adding close range communication transceivers to the terminal 12 and member
mobile devices terminal 12 and mobile device 28, aware of each other. Thus, to add a first mobile device 28 to a trust domain including the terminal 12, the first mobile device is brought in very close proximity to the terminal 12. Using one of the known close range communication techniques, the first mobile device 28 and the terminal 12 establish a close range data link 4. Using the close range data link 4, the first mobile device 28 may send a request to the terminal 12 to be joined to a trust domain. Additional information such as device addressing, user notification, and/or trust domain participation confirmation may also be addressed at this point.
- In an embodiment the first
mobile device 28 and the terminal 12 have data connectivity via disparate physical links, e.g. an 802.11g wireless link 3 and a CDMA cellular data communication link 2 in addition to the close range link 4. In this embodiment, the trust domain can be established using the 802.11g wireless link 3, the CDMA cellular data communication link 2, or both. In a further embodiment, one or more of the group devices (e.g., the laptop computer 30) may include a wired network link 1 that can be used for trust domain communications.
- Each
device cellular links range communication link 4. Since the networking authentication is established by bringing two devices in close proximity and the credentials, network and trust domain addresses and set up information are communicated via the close range communication link 4, joining a new device to an established trust domain can be completely transparent to the user.
- The
network 10 illustrated in FIG. 1 enables a variety of connections between mobile devices laptop 30. For example, the trust domain can communicate by means of cellular communications networks 2, by local wireless networks 3, by wired network connections 1 accessed via cellular communication links 2 to the base station 16 via the MSC 18 and network 19, and via the Internet 24 by an Internet connection 9. This flexibility in network connections is illustrated with respect to the laptop 30 with dashed communications symbols. Once a trust domain has been authenticated by the short range communication link 4 procedures described herein, the trust domain devices may communicate with each other directly through secure peer-to-peer links or indirectly via networks
- While
FIG. 1 shows a terminal 12 to be an immobile terminal, this device may itself be a mobile device, such as a mobile device 29, laptop computer or personal computer on a mobile cart. For example, a mobile device 29 may serve as the hub of a trust domain including itself, the mobile device 28 and the laptop 30, with network communications including a cellular data network link 2 and a local area wireless link 3. In this example, once trust domain membership is confirmed by bringing a second mobile device 28 sufficiently close to the first mobile device 29 to establish the close range communication link 4, communications to, from and among the trust domain members may proceed according to well-known trust domain communication methods and protocols.
- Each device that may be joined to a trust domain may be configured with application software to automatically negotiate the creation of a trust domain when any two devices are brought in close proximity. Similarly, the devices may be configured with application software to automatically join one device to an established trust domain of which the other device is a member when the two devices are brought into close proximity. Such applications using the communication capabilities of close range communication transceivers can eliminate much of the complexity of establishing secure trust domains. The need for users to enter group identification and communication link information into one or more devices is replaced by a requirement that two devices be touched (or nearly touched) together. In this manner, an extensive trust domain can be quickly configured by simply touching the various member devices together in sequence.
- In addition to providing a simple mechanism for establishing or expanding a trust domain, the various embodiments provide a secure mechanism for exchanging trust domain communication, identification and address information. Since close
range communication links 4 are by definition very short range, they are resistant to eavesdropping and interference from other devices. For example, FIG. 1 shows the mobile device 28 sufficiently close to the terminal 12 to establish an NFC link 4, while other members of the group (such as mobile device 29 and laptop computer 30) cannot receive or interfere with that communication. Since credential security and addressing information are not exchanged over wide-area communication links
- While
FIG. 1 is described above as being based upon a cellular data network, the same basic architecture may be implemented with other wireless network technologies, such as a WiFi or WiMax network. In such alternative wireless technologies, the base station 16 would be a WiFi or WiMax (for example) base station. Other elements of such a network 10 would be substantially the same as shown in FIG. 1 and described above, except that the terminal 12 and other network elements FIG. 1 are intended to encompass both cellular and other wired and wireless network elements. Similarly, the terminal 12 may be coupled to a local area network 19 by a wired connection (similar to the wired network connection 1 shown in coupling to the laptop 30), and need not include a cellular network transceiver.
- In a first embodiment illustrated in
FIGS. 2 and 3, a new device 28 is connected to an existing trust domain among the mobile device 29 and terminal 12. Such a trust domain may be based upon shared credential information (e.g., a PKI set of encryption key credentials) as is well known in the art. When the new device 28 is to be joined to the trust group, it is brought into close proximity with the terminal 12 or the other mobile device 29 so that a close-range communication link is automatically established; step 100, messages 34. The process of establishing a close-range communication link 4 may involve a series of handshaking communication exchanges encompassed within messages 34. For example, any of the known NFC protocol link establishment methods may be employed. Over the established close-range communication link 4, the new device 28 may request registration with the trust domain, step 102, such as by transmitting its device ID and a standard request message, message 36. In response, the receiving device, whether terminal 12 or mobile device 29, may send the security credential to the new device 28 along with a challenge message over the close range communication link 4; step 106, message 38. This message may also include seed data for security credentials if such encryption technology is used. Upon receiving the credential and challenge message, the new device may store the credential information and then calculate the appropriate response to the challenge and send the response back to the terminal or mobile device 29 over the close range communication link 4; step 108, message 40. The receiving device, whether terminal 12 or mobile device 29, checks the challenge response message to confirm that the value is correct, test 110. If the value is correct, this indicates that the credential was accurately received and is being properly processed by the new device 28, enabling the trust domain to be extended to the new device 28 so secure communications can begin over the trust domain data link, step 112. If, however, the challenge response is incorrect, indicating that the credential was not properly received, the terminal 12 or mobile device 29 may resend the credential, repeating step 106 and resending message 38.
- Prior to sending the trust domain credential,
step 106, a user of the terminal 12 or mobile device 29 may be requested to perform an action to acknowledge and authorize the registration, optional step 104. This may be in the form of a request for the user to confirm the intent to admit the new device 28, such as by pressing the letter “Y” on a keypad, or entering a password or submitting to a biometric scanner to confirm that the user is someone who can authorize extending the trust domain to the new device 28.
- As part of this process, such as a step in the process of establishing communications over the trust domain communication link,
step 112, the user of the new device 28 may be notified that the device is being added to the trust domain. Such a notification may be in the form of a message presented on the mobile device display. Similarly, the device admitting the new device 28 to the trust group may inform other devices within the trust domain, as well as notify a user, that the new device is being added, such as by communicating a message to be presented on each device's display.
- In an embodiment, the receiving device (i.e., terminal 12 or mobile device 29) may provide the credential and challenge,
step 106 and message 38, without receiving a request for registration from the new device 28. In this embodiment, the process of establishing the close range communication link, step 100 and messages 34, prompts the receiving device to extend the trust domain credential.
- From a user's perspective, the steps of joining a
new device 28 to a trust group consist only of touching or nearly touching the new device 28 to a device that is part of the trust group, such as the terminal 12 or mobile device 29, step 100. Quickly thereafter the user of the new device 28 receives a notification (e.g., an optional display notification or operation of the device) that secure communications have been enabled, step 112. Thus, to the user, the process of joining a new device 28 to a trust group could hardly be easier. Even if the user is prompted to enter a password or biometric scan as in an embodiment described in more detail below, the complexity of deploying and verifying credentials and confirming secure communication capabilities is hidden from the user.
- In an embodiment, the trust domain may be managed by a server within the trust domain, such as a
CA server 26. Example processes and messages for admitting a new device 28 to such a trust domain are illustrated in FIGS. 4 and 5. In this example, secured communications are already established between members of the trust domain (e.g. the terminal 12 and mobile device 29) and the CA server 26, messages 42 a. Similar to the embodiment described above, when a new device 28 is to be added to the established trust domain, the new device 28 is brought in close proximity to a member of the trust domain (e.g., the terminal 12 and mobile device 29) to establish a close range or NFC communication link; step 100, messages 34. With the close range communication link established, the new device 28 requests registration with the trust domain; step 102, message 36. In this embodiment, membership within the trust domain is managed by the CA server 26, so upon receiving the registration request, the receiving device (e.g., the terminal 12 or mobile device 29) forwards the request to the CA server 26; step 114, message 44. Since the receiving device was within the trust domain, the message forwarding the registration request may be sent to the CA server 26 using the secured wireless or wired network communication. The CA server 26 receives the request, confirms any device information provided along with the request, and confirms the request to add the new device 28 to the trust domain, step 116.
- Since the
CA server 26 is not in close proximity or communication contact with the new device 28, it may send a request to the device which forwarded the registration request (e.g., the terminal 12 and mobile device 29) asking a user of that device to enter another credential to indicate agreement with joining the new device 28; step 118, message 46. This request for a second credential from a user within the trust domain may be transmitted using the secure communication link of the trust group. This request may be for a simple user confirmation action (e.g., a request to press the letter “Y” key if the user agrees), for entry of a password known to the CA server 26, entry of a biometric scan (e.g., a request to scan the user's finger over a fingerprint scanner included within the user's device), or some other credential that the CA server 26 can recognize as indicating user agreement with adding the new device 28 to the trust domain. In response, the user performs the requested action, step 118, which is transmitted to the CA server 26, message 48. Again, this second user credential may be transmitted over the secured communication network of the trust domain.
- The
CA server 26 then confirms the user's second credential, step 120. The second credential may be confirmed using a variety of known methods. For example, if the second credential is a password, the CA server 26 may compare the received password to a list (e.g., a database listing) of passwords assigned to individuals authorized to admit new devices to the trust domain. For example, certain individuals in an organization, such as loan officers in a bank or information technology (IT) professionals within a company, may be authorized to distribute credential information to new devices, such as laptop computers or new hardware installations. To ensure the addition of a new device to a trust domain is being initiated by a trusted individual, the CA server may be configured with a list of passwords assigned to such individuals. To provide a higher level of security, mobile devices assigned to such trusted individuals may be configured with biometric sensors, such as a finger print scanner 179 (see FIG. 15) with biometric data of authorized users stored in a database on the CA server 26. In such implementations, the CA server 26 can verify that the user requesting the addition of a new device 28 to the trust domain is authorized to do so by comparing biometric data received from the user's mobile device 29 to biometric data of authorized users stored in a database maintained on or accessible by the CA server 26.
- If the
CA server 26 confirms the user's second credential, it transmits the credential to be passed to the new device 28; step 122, message 50. This credential message is sent to the member of the trust domain which received the initial registration request, such as the terminal 12 or mobile device 29. Alternatively, the CA server 26 may simply authorize the receiving device (e.g., the terminal 12 and mobile device 29) to forward on the credential used to establish the trust domain. That device then sends the credential along with a challenge message to the new device 28; step 106, message 38. Since the new device 28 is not yet a member of the trust domain, the credential and challenge message is sent via the close range communication link. As described above with reference to FIG. 2, the new device 28 stores the credential, calculates the appropriate response to the challenge, and sends the challenge response back to the member of the trust domain which is in close proximity (e.g., the terminal 12 or mobile device 29); step 108, message 40. The receiving device checks the challenge response message to confirm that the value is correct, test 110. If the value is correct, this indicates that the credential was accurately received and is being properly processed by the new device 28, enabling the trust domain to be extended to the new device 28 so secure communications can begin over the trust domain data link; step 112, messages mobile device 29 may resend the credential, repeating step 106 and resending message 38.
- In an embodiment, the receiving device (i.e., terminal 12 or mobile device 29) may forward a request for registration of the
new device 28 to the CA server 26, step 114 and message 44, without receiving a request for registration from the new device 28. In this embodiment, the process of establishing the close range communication link; step 100, messages 34, may prompt the receiving device to inform the CA server 26 that a new device 28 is attempting to join the trust domain. This automatic notification may be sufficient to enable the CA server 26 to confirm the addition of the new device 28, step 116, and request the receiving device to enter a credential in order to consent to adding the device 28 to the trust domain, step 118.
- In some instances, a new
mobile device 28 may include credential information, such as a digital signature, stored in the device by the original equipment manufacturer or a service provider. Such credential information may be useful in enabling a trust domain administrator (such as a CA server 26) to determine whether the new device should be added to the trust domain. Such credential information may be verified using any known method including, for example, PKI methods. Accordingly, in an embodiment illustrated in FIGS. 6-8, the credential stored on the new device 28 is confirmed as part of the process of deciding whether to add the device to the trust domain. Referring to FIG. 6, in one implementation, the new mobile device 28 is brought into close proximity with a member of the established trust domain in order to establish a close range communication link, step 100. The new device 28 then sends its preloaded credential along with a registration request over the close range communication link to a member of the established trust domain, step 102. This message is similar to the registration request message 36 illustrated in FIG. 3 with the addition of the device's credential information. Upon receiving the credential, a member of the trust domain, such as the CA server 26, confirms the credential using known methods, such as PKI methods, step 124. If the credential is valid, the trust domain, such as the CA server 26, can confirm the origin of the new device 28, and proceed to issue credential information along with a challenge request, step 106. This method then continues in the manner described above with reference to FIGS. 2 and 3 for steps
- In a second implementation, the
new device 28 may use its preloaded credential information to secure a first communication link with a CA server 26 and then request entry into a trust domain to receive a new service. As illustrated in FIGS. 7 and 8, the new device 28 may establish a secure wired or wireless communication link with a CA server 26 using its preloaded credential; step 126, messages 52. Using this secure link, the new device 28 may then request registration for the new service; step 128, message 54. In response, the CA server 26 may confirm the credential of the new device 28, step 130. If the new device 28 credential is confirmed, the CA server 26 may send an instruction to the new device 28 and another device within the trust domain including the new service, such as the terminal 12, to enter into a close range communication link; step 132, messages step 100, messages 34. Once the close range communication link is established, the new device 28 may send a registration request to the terminal 12 over the close range communication link; step 102, message 36. The terminal 12 may then forward a confirmation message to the CA server 26 indicating that a proximity event has occurred with the new device 28; step 115, message 58. In response, the CA server 26 may provide the credential to be used by the new device 28 to the terminal 12; step 122, message 60. At this point, the method and messages proceed substantially as described above with reference to FIGS. 4 and 5 to extend the trust domain to include the new device 28.
- In a further embodiment, the methods and systems described herein may be used to extend a trust domain from a
CA server 26 to a first device 29 and then on to a second device 28 (and so on). As illustrated in FIGS. 9-10, a first mobile device 29 may be brought into close proximity with the CA server 26 in order to establish a close range communication link; step 100 a, messages 34 a. The first device 29 may request registration with the CA server 26, step 102 a and message 36 a, and in response the CA server 26 sends a credential and challenge message, step 106 a and message 38 a. The trust server 26 may send the credential and challenge message, step 106 a, message 38 a, without prompting from the first device 29, relying instead upon the establishment of a close range communication link, step 100 a. As described above with reference to FIGS. 2 and 3, the first mobile device 29 stores the credential, calculates a response to the challenge request, and transmits the challenge response back to the trust server 26; step 108 a, message 40 a. The trust server 26 verifies that the challenge response is valid, test 110 a, repeating the step of sending the credential and challenge request, step 106 a, if the response is not valid.
- If the
new device 29 successfully received the credential (i.e., test 110 a=“Yes”), the new device 29 is moved within the trust domain and now can be used to extend the trust domain to other devices. For example, a user of the first device 29 may bring it within close proximity to a second device 28 in order to establish another close range communication link; step 100 b, messages 34 b. The process of requesting registration, sending credentials, confirming that credentials were properly received and commencing secure communications over the trust domain communication link, steps 102 b through 112, then proceeds in a manner substantially the same as the similarly labeled steps described above with reference to FIGS. 2 and 3.
- This embodiment has a number of useful applications for distributing credentials using a
mobile device 29 as a means for linking a number of other devices into the trust domain.
- The foregoing embodiments have been described as extending an existing credential from an established trust domain to a
new device 28. However, in another embodiment, the CA server 26 may issue a new credential when a new device 28 requests to join the trust domain. This embodiment may be useful when the entry of the new device 28 requires a different level of security or there is a need to avoid disclosing the previous credential to the new device 28.
- In this embodiment, which is illustrated in
FIGS. 11 and 12 , anew device 28 seeks to join a trust domain by establishing a close range communication link,step 100 andmessages 34, and transmitting a registration request to a member of the trust domain,step 102 andmessage 36, in a manner similar to those described above with reference toFIGS. 4 and 5 . A member device (e.g., terminal 12 or mobile device 29) receiving a registration request from thenew device 28 pass the request on to aCA server 26;step 114 andmessage 44. Upon receiving the relayed registration request, theCA server 26 may generate a new credential to be used to establish the trust domain,step 134. This new credential(s) will replace the present credential(s) used by members of the trust domain so that thenew device 28 can be admitted to the trust domain. To do so, theCA server 26 sends the new credential along with a challenge request to each member of the trust domain, step 106 a andmessage 62.FIG. 11 shows the delivery of new credential information being passed from theCA server 26 to a member of the trust domain, such as the terminal 12, but the new credential may also be passed from one member to the next in a manner similar to that described above with reference toFIGS. 9 and 10 . As described above for other embodiments, each device receiving a new credential stores the credential, calculates an appropriate response to the challenge request and transmits that challenge response back to the device which provided the credential; step 108 a andmessage 64. The challenge response is checked for validity, test 110 a, so that if the credential was not properly delivered it can be retransmitted, step 106 a. Since the members of the trust domain already have secure communications established, the transmission of the new credential can be made using that link, as shown inFIG. 12 , without the need to establish close range communication links between each pair of devices within the trust domain. WhileFIGS. 
11 and 12 illustrate passing credentials to only a single member of the trust domain, the various steps may be repeated until all members of the trust domain have received the new credential.
- Once the new credential has been deployed within the trust domain, one of the members of the trust domain can pass the credential on to the
new device 28 using the established close range communication link. This can be accomplished in steps 106b-112 and messages FIGS. 9 and 10 for like numbered steps and messages.
- In any of the foregoing embodiments, as part of the process of admitting a
new device 28 to the trust domain, the user of the new device 28 may be prompted to enter an identifying credential, such as a password or a biometric identifier, in order to confirm the user's identity or prior authorization to join the trust domain. Such a prompt may be generated as part of the process of establishing the close range communication link, step 100, and may be presented to the user on a display of the new device 28. If the user is prompted to enter a password, the user may do so by using a keypad or keyboard on the new device 28. If the user is prompted to enter a biometric identifier, the user may use a biometric sensor on the new device 28 to enable the new device to obtain biometric information that it can forward to the requesting device. For example, the new device 28 may include a finger print scanner 179 (see FIG. 15) enabling the user to provide a finger print image or scan as a biometric identifier. As another example, the user may speak a password phrase into a microphone of the new device 28 in order to provide a voice print or audio file suitable for voice print identification. Other biometric credentials may also be used. The user identifier information (password, biometric identifier or other credential) may be passed to the requesting device within the trust domain via the close range communication link 4 as part of the registration request, step 102 and message 36, or as a separate step and message (not shown). As described above with reference to FIG. 4, a CA server 26 can confirm the user's identity based upon a password, by comparing the received password to a list of passwords assigned to individuals authorized to register with a trust domain. Similarly, a CA server 26 can confirm the user's identity based upon biometric data, by comparing the received biometric data to biometric data of individuals authorized to register with a trust domain.
- In an embodiment, a proximity event may also be used as part of the process of removing a device from a trust domain. For example, as illustrated in
FIGS. 13 and 14, a mobile device 28 that is a member of the trust domain is able to engage in secure communications over the wired or wireless communication link enabled by the domain encryption credentials, step 134 and messages 66. To remove the mobile device 28, a user may bring the device in close proximity to another member of the trust domain, such as the terminal 12, which automatically causes the establishment of a close range communication link; step 136 and messages 68. The mobile device 28 may then send a message via the close range communication link to the terminal 12 announcing a desire to leave the trust domain; step 138 and message 70. Upon receiving that message, the terminal 12 may send messages via the trust domain communication link informing other members of the trust domain that the mobile device 28 is about to depart, step 140. The terminal 12 may also receive confirmation from the CA server 26 that departure of the mobile device 28 is permissible. At this point, the terminal 12 may send a message to the departing mobile device 28 confirming or acknowledging that the departure request has been received; step 142 and message 72. At that point, the mobile device 28 may delete the key credential, step 144, thereby taking itself out of the trust domain. In an embodiment, the CA server 26 may want to transmit a new credential to remaining members within the trust domain in order to ensure that the departing mobile device 28 is not able to reestablish secure communications without repeating the credential deployment methods of the various embodiments. In a variation on this embodiment, the indication of a desire to leave the trust domain may be transmitted to other members of the trust domain by the leaving mobile device 28 using the secure communication link. The desire to leave the trust domain may then be communicated by the leaving mobile device 28 to the terminal 12 using the close range communication link 4.
The terminal 12 can then inform the rest of the trust domain that the first mobile device 28 is no longer a member of the group.
- Including a step of creating a close range communication link in order to remove a device from a trust domain provides an added layer of security in the form of a physical movement (i.e., bringing the departing device into close proximity with the terminal 12). This added step reduces the chance that devices are inadvertently dropped from a trust domain. Of course, devices may also exit a trust domain by being turned off or transmitting messages communicating a desire to leave the domain via the established trust domain communication link.
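The credential replacement on join and the re-keying after a departure described above can be simulated as follows. This is an added example, not code from the patent: the HMAC-SHA256 challenge response, the retry limit and all class and function names are assumptions, since the text does not say how the response is calculated.

```python
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 3  # assumed retry limit; the text only says delivery can be retransmitted


def challenge_response(credential: bytes, challenge: bytes) -> bytes:
    # Assumed construction: HMAC-SHA256 of the challenge, keyed with the credential.
    return hmac.new(credential, challenge, hashlib.sha256).digest()


class Device:
    def __init__(self, name: str, corrupt_first: int = 0):
        self.name = name
        self.credential = None
        self._corrupt = corrupt_first  # constructed fault: garble the first N deliveries

    def receive_credential(self, credential: bytes, challenge: bytes) -> bytes:
        if self._corrupt > 0:
            self._corrupt -= 1
            credential = bytes(b ^ 0xFF for b in credential)  # simulated transmission error
        self.credential = credential  # store first, then prove possession
        return challenge_response(self.credential, challenge)

    def delete_credential(self) -> None:
        self.credential = None


class CAServer:
    def __init__(self):
        self.members = {}
        self.credential = secrets.token_bytes(32)
        self.log = []  # (device name, link, attempt, accepted)

    def deliver(self, device: Device, link: str) -> bool:
        """Send the current credential with a challenge; retransmit on a bad response."""
        for attempt in range(1, MAX_ATTEMPTS + 1):
            challenge = secrets.token_bytes(16)  # fresh per attempt, so old replies cannot be replayed
            response = device.receive_credential(self.credential, challenge)
            expected = challenge_response(self.credential, challenge)
            ok = hmac.compare_digest(response, expected)
            self.log.append((device.name, link, attempt, ok))
            if ok:
                return True
        return False

    def rotate(self) -> list:
        """Replace the domain credential for all current members over the existing link."""
        self.credential = secrets.token_bytes(32)
        return [d.name for d in self.members.values()
                if not self.deliver(d, "trust-domain link")]

    def admit(self, device: Device) -> None:
        # Existing members are re-keyed first, so the newcomer never sees the old credential.
        failed = self.rotate()
        if failed:
            raise RuntimeError(f"rotation incomplete for: {failed}")
        if not self.deliver(device, "close-range link"):
            raise RuntimeError(f"delivery to {device.name} failed")
        self.members[device.name] = device

    def remove(self, device: Device) -> list:
        del self.members[device.name]
        device.delete_credential()
        return self.rotate()  # re-key the remaining members after the departure

    def accepts(self, credential) -> bool:
        if credential is None:
            return False
        challenge = secrets.token_bytes(16)
        return hmac.compare_digest(challenge_response(credential, challenge),
                                   challenge_response(self.credential, challenge))


def run_demo() -> dict:
    ca = CAServer()
    terminal = Device("terminal-12")
    mobile = Device("mobile-29", corrupt_first=1)  # first delivery is garbled
    newcomer = Device("new-device-28")
    ca.admit(terminal)
    ca.admit(mobile)
    before_join = terminal.credential
    ca.admit(newcomer)
    retained = newcomer.credential  # copy a device might keep if it ignored the delete step
    ca.remove(newcomer)
    return {
        "members_in_sync": terminal.credential == mobile.credential == ca.credential,
        "previous_credential_disclosed": newcomer.credential == before_join
                                         or retained == before_join,
        "retained_key_accepted": ca.accepts(retained),
        "member_key_accepted": ca.accepts(terminal.credential),
        "mobile_join_attempts": [(a, ok) for n, link, a, ok in ca.log
                                 if n == "mobile-29" and link == "close-range link"],
    }


if __name__ == "__main__":
    print(run_demo())
```

The retained copy of the credential fails the challenge after the departure, which is the property the re-keying step is meant to provide even if the departing device does not delete its key.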
- The embodiments described above may be implemented on any of a variety of mobile handsets, such as, for example, laptop computers, cellular telephones, personal data assistants (PDA) with cellular telephone, mobile electronic mail receivers, mobile web access devices, and other processor-equipped devices that may be developed in the future that connect to a wireless network. Typically, such mobile handsets will have in common the components illustrated in
FIG. 15. For example, the mobile handset 170 may include a processor 171 coupled to internal memory 172 and a display 173. Additionally, the mobile handset 170 will have an antenna 174 for sending and receiving electromagnetic radiation that is connected to a wireless data link and/or cellular telephone transceiver 175 coupled to the processor 171. In some implementations, the transceiver 175 and portions of the processor 171 and memory 172 used for cellular telephone communications are referred to as the air interface since they provide a data interface via a wireless data link. Additionally, the mobile handset 170 will include a close range transceiver 178 capable of establishing and communicating a close range communication link, such as using one of the near field communication protocols. In some embodiments, the mobile handset 170 will include biometric sensors, such as a finger print scanner 179 that can obtain a biometric image of a user and pass the data to the processor 171. Mobile handsets typically include a key pad 176 or miniature keyboard and menu selection buttons or rocker switches 177 for receiving user inputs.
- The embodiments described above may also be implemented on any of a variety of other computing devices, such as, for example, a
personal computer 180 illustrated in FIG. 16, processor-equipped components (e.g., an IV pump 214 or an ECG monitor 216 shown in FIG. 18), and other smart devices. Such a personal computer 180 typically includes a processor 181 coupled to memory 182 and a large capacity memory, such as a disk drive 183. The computer 180 may also include a network connection circuit 184 for coupling the processor to a wired network. Additionally, the computer 180 may include a medium to long range wireless transceiver 185 such as a WiFi or BlueTooth® transceiver coupled to the processor 181 for transmitting and receiving data via a wireless data network. Also, the computer 180 used in the various embodiments includes a close range communication transceiver 188 which is configured to send and receive data over a very short range wireless data link. For example, the close range communication transceiver 188 may be an NFC protocol transceiver or an RFID reader. So configured, the computer 180 can establish close range communication links with other devices, such as the mobile device 170 shown in FIG. 15, in order to accomplish the methods of the various embodiments.
- The embodiments described above may also be implemented on any of a variety of server and network administrator systems, such as, for example, a
network server 190 illustrated in FIG. 17. Such a server 190 typically includes a processor 191 coupled to memory 192 and a large capacity memory, such as a disk drive 193. The server 190 may also include a plurality of network connection circuits 194a-194d for coupling the processor to a wired network, such as the Internet. Optionally, the server 190 may also include a medium-to-long range wireless transceiver 195 such as a WiFi transceiver coupled to the processor 191 for transmitting and receiving data via a wireless data network. Also, the server 190 optionally may include a close range communication transceiver 198 which is configured to send and receive data over a very short range wireless data link. For example, the close range communication transceiver 198 may be an NFC protocol transceiver or an RFID reader. So configured, the server 190 can establish close range communication links with other devices, such as the mobile device 180 shown in FIG. 15 or the computer 180 shown in FIG. 16, in order to accomplish the methods of the various embodiments.
- The various embodiments enable a variety of applications beyond simply supporting encrypted communications. An example application is illustrated in
FIG. 18, which shows a sensor, data collection and database system that may be employed within a hospital, such as in an intensive care unit. The various embodiments enable the creation of virtual cables (referred to herein as “V-cables”) to link various medical devices to a network using flexible wireless communication links, thereby replacing cables presently used to communicate data from devices to monitors to data collection nodes. Such a system may include a patient monitoring computer 212 containing the components described above with reference to FIG. 16 that is configured to communicate with a medium range wireless data link 222, such as a BlueTooth® protocol data link, as well as a close range communication link 224. Additionally, the patient monitoring computer 212 may be equipped with a long-range wireless transceiver able to communicate via a long-range wireless data link 226, such as a WiFi data link, in order to connect to a hospital mainframe computer 220. Alternatively, the patient monitoring computer may be coupled to the hospital mainframe computer 220 by a wired network 224. Within the patient's intensive care unit may be certain patient monitoring equipment, such as an intravenous (IV) pump 214 and an electrocardiogram (ECG) monitor 216. Such patient monitoring equipment range communication link 224 employed in the various embodiments in order to receive credential information sufficient to establish secure communication via the medium range wireless network 222. The various embodiments may further be used to communicate patient data from sensors, such as a portable electrode 218, using both the medium range wireless network 222 and the close range communication link 224 employed in the various embodiments. In order to connect medical devices that are not equipped with close and medium range communication transceivers, a virtual cable connector 200 may be used to connect such devices to the patient monitor computer 212.
More details regarding the virtual cable connector 200 are provided below with reference to FIG. 20.
- The operation of the system shown in
FIG. 18 can be appreciated by considering an example of the steps required to begin monitoring a new patient. As illustrated in FIG. 19, the patient monitor computer 212 may be turned on and logged into the hospital's network and mainframe computer 220, step 250. Depending upon the implementation, the hospital mainframe computer 220 may send credential information to the patient monitor computer 212 along with any seed data used for encrypting wireless transmissions, step 252. To connect the ECG monitor 216 to the patient monitor computer 212, the monitor may be brought into close proximity to the computer to establish a close range communication link and receive credential information as described in the foregoing embodiments, step 254. Proper operation of the data link connecting the ECG monitor 216 to the patient monitor computer 212 may be confirmed, step 256, and the process repeated if necessary, step 258. Then, each ECG sensor 218 may be configured to send data to the ECG monitor 216 simply by touching each sensor 218 to the monitor, step 260. Proper operation of the ECG sensor-to-monitor data link may be confirmed, step 262, with the process repeated if necessary, step 264. Similarly, the IV pump 214 can be coupled to the patient monitor computer 212 simply by bringing it into close proximity with the computer, step 266. Again, the pump-to-computer data link may be confirmed, step 268, and the process repeated if necessary, step 270. This process of touching to connect various medical devices may continue until all devices have been linked to the patient monitor computer 212. At that point, patient monitoring using the system illustrated in FIG. 18 may begin, step 272.
- The method illustrated in
FIG. 19 assumes that each medical device includes both close range wireless (e.g., NFC) and medium range wireless (e.g., BlueTooth®) transceivers. However, the system may also be implemented with medical devices that are configured for conventional cable connections by using a V-cable connector 200, an example of which is illustrated in FIG. 20. A V-cable connector 200 may include a processor 201 coupled to memory 202 and a power supply, such as a battery 203. The V-cable connector 200 may include a medium-range transceiver 205 coupled to the processor 201 and an antenna 204 configured to establish medium-range wireless communications, such as using the BlueTooth® protocol. Additionally, the V-cable connector 200 may include a close range communication transceiver 208 connected to the processor 201 and an antenna 209. For example, the close range transceiver 208 may be an RFID device or an NFC protocol transceiver. Additionally, the V-cable connector 200 may include a connector plug 206 coupled to the connector via a coaxial cable 207. The connector plug 206 is configured to match the standard plug configuration of cables used to connect medical devices together and to a patient monitor computer 212. The V-cable connector 200 may be enclosed within a housing 210 to provide a unitary device that can simply be plugged into the cable port of medical devices just as if it were a cable. The processor 201 may be configured with software instructions, which may be stored in the memory 202, to cause the processor to operate the transceivers cable connector 200 includes all of the communication elements needed to be able to connect one mobile device to another device having a V-cable connector 200 or internal transceivers using secure wireless communication networks as if the connection was made by a cable.
- The operation of the hospital system using V-
cable connectors 200 can be appreciated by considering an example of steps required to assemble the system in order to monitor a new patient. As illustrated in FIG. 21, the patient monitor computer 212 may be turned on and logged into the hospital's network and mainframe computer 220, step 250. Depending upon the implementation, the hospital mainframe computer 220 may send credential information to the patient monitor computer 212 along with any seed data used for encrypting wireless transmissions, step 252. To connect various medical devices using V-cable connectors 200, one connector is touched to the patient monitor computer 212 to establish a close range communication link 222 in order to receive credential information, step 280. The connector-to-computer data link may be confirmed, step 282, and the process repeated if necessary, step 284. With the data link established, the V-cable connector 200 is plugged into a medical device, such as an ECG monitor 216, step 286. Then, to connect a number of ECG sensors to the ECG monitor 216, an equal number of V-cable connectors 200 are plugged into the ECG monitor 216, step 288. If the ECG sensors 218 are equipped with wireless transceivers, as illustrated in FIG. 18, the sensors can be linked to the ECG monitor 216 by touching each sensor 218 to a respective one of the V-cable connectors 200 plugged into the ECG monitor 216, step 290. The sensor-to-connector data link may be confirmed, step 292, and the process repeated if necessary, step 294. With the sensors electronically linked to the monitor, they then can be applied to the patient, step 294. The IV pump can be similarly connected to the patient monitor computer 212 by touching a V-cable connector 200 to the computer, step 296, verifying the connector-to-computer data link, step 298 (and repeating the process if necessary, step 300), and then plugging the V-cable connector 200 into the IV pump, step 302. At this point, patient monitoring can begin, step 272.
- As may be appreciated, the various embodiments can enable a variety of other applications for using virtual cables to quickly and simply replace physical cables. The use of encryption credentials with the medium-to-long range communication link will prevent interference by other V-cable connections as well as protect data from eavesdropping just as physical cables will do. Using the various embodiments, the process for establishing such ad hoc trust domains can be simplified to the intuitive process of simply touching components and virtual connectors together in order to establish the desired data link and security arrangement.
- In the various devices, components and servers, the
processor multiple processors internal memory processor processor processor internal memory processor memory memory
- In one or more exemplary embodiments, the functions described may be implemented in hardware, software, firmware, or any combination thereof. If implemented in software, the functions may be stored or transmitted as one or more instructions or codes on a computer-readable medium. Computer-readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium that can be accessed by a computer. By way of example, and not limitation, such computer-readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. Also, any connection is properly termed a computer-readable medium. For example, if the software is transmitted from a website, server, or other remote source using a coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of medium. Disk and disc, as used herein, includes compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk and blu-ray disc, where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.
- The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (70)
Priority Applications (7)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/035,309 US8522019B2 (en) | 2007-02-23 | 2008-02-21 | Method and apparatus to create trust domains based on proximity |
KR1020097019889A KR101216545B1 (en) | 2007-02-23 | 2008-02-25 | Method and Apparatus To Deploy Dynamic Credential Infrastructure Based on Proximity |
CN2008800056438A CN101617346B (en) | 2007-02-23 | 2008-02-25 | Method and apparatus to deploy dynamic credential infrastructure based on proximity |
PCT/US2008/054900 WO2008103991A2 (en) | 2007-02-23 | 2008-02-25 | Method and apparatus to deploy dynamic credential infrastructure based on proximity |
EP08730658A EP2126854A2 (en) | 2007-02-23 | 2008-02-25 | Method and apparatus to deploy dynamic credential infrastructure based on proximity |
JP2009550633A JP2010519640A (en) | 2007-02-23 | 2008-02-25 | Method and apparatus for deploying a dynamic credential infrastructure based on proximity |
JP2012174991A JP5415600B2 (en) | 2007-02-23 | 2012-08-07 | Method and apparatus for deploying a dynamic credential infrastructure based on proximity |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US89123007P | 2007-02-23 | 2007-02-23 | |
US12/035,309 US8522019B2 (en) | 2007-02-23 | 2008-02-21 | Method and apparatus to create trust domains based on proximity |
Publications (2)
Publication Number | Publication Date |
---|---|
US20080222711A1 (en) | 2008-09-11 |
US8522019B2 (en) | 2013-08-27 |
Family
ID=39591526
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/035,309 Expired - Fee Related US8522019B2 (en) | 2007-02-23 | 2008-02-21 | Method and apparatus to create trust domains based on proximity |
Country Status (6)
Country | Link |
---|---|
US (1) | US8522019B2 (en) |
EP (1) | EP2126854A2 (en) |
JP (2) | JP2010519640A (en) |
KR (1) | KR101216545B1 (en) |
CN (1) | CN101617346B (en) |
WO (1) | WO2008103991A2 (en) |
US9298700B1 (en) | 2009-07-28 | 2016-03-29 | Amazon Technologies, Inc. | Determining similar phrases |
US9306948B2 (en) | 2012-02-16 | 2016-04-05 | Blackberry Limited | Method and apparatus for separation of connection data by perimeter type |
US9332431B2 (en) | 2012-12-27 | 2016-05-03 | Motorola Solutions, Inc. | Method of and system for authenticating and operating personal communication devices over public safety networks |
US9369466B2 (en) | 2012-06-21 | 2016-06-14 | Blackberry Limited | Managing use of network resources |
US9378394B2 (en) | 2010-09-24 | 2016-06-28 | Blackberry Limited | Method and apparatus for differentiated access control |
US9379779B2 (en) | 2011-10-21 | 2016-06-28 | Lg Electronics Inc. | Electronic device and a method of operating the same |
US9386356B2 (en) | 2008-11-26 | 2016-07-05 | Free Stream Media Corp. | Targeting with television audience data across multiple screens |
US9386451B2 (en) | 2013-01-29 | 2016-07-05 | Blackberry Limited | Managing application access to certificates and keys |
US9426145B2 (en) | 2012-02-17 | 2016-08-23 | Blackberry Limited | Designation of classes for certificates and keys |
US9485286B1 (en) * | 2010-03-02 | 2016-11-01 | Amazon Technologies, Inc. | Sharing media items with pass phrases |
US9485608B2 (en) | 2012-08-06 | 2016-11-01 | Brother Kogyo Kabushiki Kaisha | Communication device |
US9497220B2 (en) | 2011-10-17 | 2016-11-15 | Blackberry Limited | Dynamically generating perimeters |
US9495511B2 (en) | 2011-03-01 | 2016-11-15 | Covidien Lp | Remote monitoring systems and methods for medical devices |
US9497338B2 (en) | 2013-01-03 | 2016-11-15 | Samsung Electronics Co., Ltd. | Image forming apparatus supporting near field communication (NFC) function and method of setting an image job using NFC device |
US20160344559A1 (en) * | 2015-05-22 | 2016-11-24 | Motorola Solutions, Inc | Method and apparatus for initial certificate enrollment in a wireless communication system |
US9519772B2 (en) | 2008-11-26 | 2016-12-13 | Free Stream Media Corp. | Relevancy improvement through targeting of information based on data gathered from a networked device associated with a security sandbox of a client device |
EP2509296B1 (en) * | 2011-04-04 | 2017-01-18 | Telia Company AB | A system and a method for managing a subscription for a data communications network |
US9560425B2 (en) | 2008-11-26 | 2017-01-31 | Free Stream Media Corp. | Remotely control devices over a network without authentication or registration |
US9565513B1 (en) * | 2015-03-02 | 2017-02-07 | Thirdwayv, Inc. | Systems and methods for providing long-range network services to short-range wireless devices |
US9569770B1 (en) | 2009-01-13 | 2017-02-14 | Amazon Technologies, Inc. | Generating constructed phrases |
US20170061404A1 (en) * | 2015-07-15 | 2017-03-02 | NXT-ID, Inc. | System and Method to Personalize Products and Services |
US9596007B2 (en) | 2012-08-03 | 2017-03-14 | Brother Kogyo Kabushiki Kaisha | Communication device |
US9609690B2 (en) | 2013-03-28 | 2017-03-28 | Brother Kogyo Kabushiki Kaisha | Communication device |
US9613219B2 (en) | 2011-11-10 | 2017-04-04 | Blackberry Limited | Managing cross perimeter access |
US9661667B2 (en) | 2012-08-03 | 2017-05-23 | Brother Kogyo Kabushiki Kaisha | Communication device |
US9665864B2 (en) * | 2010-05-21 | 2017-05-30 | Intel Corporation | Method and device for conducting trusted remote payment transactions |
US9698975B2 (en) | 2012-02-15 | 2017-07-04 | Blackberry Limited | Key management on device for perimeters |
US9696956B2 (en) | 2012-07-03 | 2017-07-04 | Brother Kogyo Kabushiki Kaisha | Communication device communicating target data with external device according to near field communication |
US20170220791A1 (en) * | 2014-02-14 | 2017-08-03 | Ntt Docomo, Inc. | Terminal device, authentication information management method, and authentication information management system |
US20170237472A1 (en) | 2012-03-30 | 2017-08-17 | Brother Kogyo Kabushiki Kaisha | Communication Device |
US9848058B2 (en) | 2007-08-31 | 2017-12-19 | Cardiac Pacemakers, Inc. | Medical data transport over wireless life critical network employing dynamic communication link mapping |
US20180053179A1 (en) * | 2012-08-21 | 2018-02-22 | Bankinter S.A. | Method and System to Enable Mobile Contactless Ticketing/Payments Via a Mobile Phone Application |
US9940449B2 (en) * | 2009-09-21 | 2018-04-10 | James McNulty | Secure information storage and retrieval apparatus and method |
US9961388B2 (en) | 2008-11-26 | 2018-05-01 | David Harrison | Exposure of public internet protocol addresses in an advertising exchange server to improve relevancy of advertisements |
US9967055B2 (en) | 2011-08-08 | 2018-05-08 | Blackberry Limited | System and method to increase link adaptation performance with multi-level feedback |
US9979625B2 (en) | 2014-02-05 | 2018-05-22 | Apple Inc. | Uniform communication protocols for communication between controllers and accessories |
US9986279B2 (en) | 2008-11-26 | 2018-05-29 | Free Stream Media Corp. | Discovery, access control, and communication with networked services |
US10007712B1 (en) | 2009-08-20 | 2018-06-26 | Amazon Technologies, Inc. | Enforcing user-specified rules |
US10079912B2 (en) | 2007-07-27 | 2018-09-18 | Blackberry Limited | Wireless communication system installation |
EP2791782B1 (en) | 2011-12-15 | 2018-10-03 | Becton, Dickinson and Company | Near field telemetry link for passing a shared secret to establish a secure radio frequency communication link in a physiological condition monitoring system |
US10104549B2 (en) * | 2016-09-30 | 2018-10-16 | Mitsubishi Electric Corporation | Network provisioning system and method for collection of endpoints |
US20180332556A1 (en) * | 2012-03-12 | 2018-11-15 | Blackberry Limited | Wireless Local Area Network Hotspot Registration Using Near Field Communications |
US10142014B2 (en) | 2013-09-30 | 2018-11-27 | Brother Kogyo Kabushiki Kaisha | Multi-function device and terminal device |
US20190043022A1 (en) * | 2012-05-21 | 2019-02-07 | Nexiden, Inc. | Secure registration and authentication of a user using a mobile device |
US10206170B2 (en) | 2015-02-05 | 2019-02-12 | Apple Inc. | Dynamic connection path detection and selection for wireless controllers and accessories |
WO2019036727A1 (en) * | 2017-08-15 | 2019-02-21 | Qualcomm Incorporated | Provisioning a device for use in a personal area network |
US10278045B2 (en) | 2014-05-30 | 2019-04-30 | Brother Kogyo Kabushiki Kaisha | Function execution device and communication terminal |
US20190132314A1 (en) * | 2017-10-30 | 2019-05-02 | EMC IP Holding Company LLC | Systems and methods of serverless management of data mobility domains |
US10334324B2 (en) | 2008-11-26 | 2019-06-25 | Free Stream Media Corp. | Relevant advertisement generation based on a user operating a client device communicatively coupled with a networked media device |
US10404472B2 (en) | 2016-05-05 | 2019-09-03 | Neustar, Inc. | Systems and methods for enabling trusted communications between entities |
US10419541B2 (en) | 2008-11-26 | 2019-09-17 | Free Stream Media Corp. | Remotely control devices over a network without authentication or registration |
US10454783B2 (en) | 2014-02-05 | 2019-10-22 | Apple Inc. | Accessory management system using environment model |
US10462409B2 (en) | 2007-12-28 | 2019-10-29 | Google Technology Holdings LLC | Method for collecting media associated with a mobile device |
US10496508B2 (en) | 2017-06-02 | 2019-12-03 | Apple Inc. | Accessory communication control |
US10560491B2 (en) | 2015-02-05 | 2020-02-11 | Xiaomi Inc. | Methods and apparatuses for binding with device |
US10567823B2 (en) | 2008-11-26 | 2020-02-18 | Free Stream Media Corp. | Relevant advertisement generation based on a user operating a client device communicatively coupled with a networked media device |
US10579987B2 (en) * | 2013-08-30 | 2020-03-03 | Thales Dis France Sa | Method for authenticating transactions |
US10595073B2 (en) | 2018-06-03 | 2020-03-17 | Apple Inc. | Techniques for authorizing controller devices |
US10631068B2 (en) | 2008-11-26 | 2020-04-21 | Free Stream Media Corp. | Content exposure attribution based on renderings of related content across multiple devices |
WO2020081618A1 (en) * | 2018-10-16 | 2020-04-23 | Thierry Charles Hubert | Proximity electronic credit exchange system and method thereof |
US10880340B2 (en) | 2008-11-26 | 2020-12-29 | Free Stream Media Corp. | Relevancy improvement through targeting of information based on data gathered from a networked device associated with a security sandbox of a client device |
US20210006597A1 (en) * | 2018-02-13 | 2021-01-07 | Fingerprint Cards Ab | Registration of data at a sensor reader and request of data at the sensor reader |
US10958725B2 (en) | 2016-05-05 | 2021-03-23 | Neustar, Inc. | Systems and methods for distributing partial data to subnetworks |
US10977693B2 (en) | 2008-11-26 | 2021-04-13 | Free Stream Media Corp. | Association of content identifier of audio-visual data with additional data through capture infrastructure |
US10999265B2 (en) * | 2017-11-15 | 2021-05-04 | Team One International Holding Pte Ltd. | Method and system for deploying wireless IoT sensor nodes |
US11025428B2 (en) | 2016-05-05 | 2021-06-01 | Neustar, Inc. | Systems and methods for enabling trusted communications between controllers |
US11025439B2 (en) * | 2017-08-30 | 2021-06-01 | Raytheon Company | Self-organizing mobile peer-to-peer mesh network authentication |
US11108562B2 (en) | 2016-05-05 | 2021-08-31 | Neustar, Inc. | Systems and methods for verifying a route taken by a communication |
US11138573B2 (en) * | 2011-10-25 | 2021-10-05 | Isi Corporation | Electronic money transfer payment method and system for same |
US11190824B2 (en) * | 2009-12-31 | 2021-11-30 | Cable Television Laboratories, Inc. | Zero sign-on authentication |
US20210377311A1 (en) * | 2016-12-29 | 2021-12-02 | Maxlinear, Inc. | Establishment of network connections |
US11277439B2 (en) | 2016-05-05 | 2022-03-15 | Neustar, Inc. | Systems and methods for mitigating and/or preventing distributed denial-of-service attacks |
US11570168B2 (en) * | 2019-09-17 | 2023-01-31 | Mastercard International Incorporated | Techniques for repeat authentication |
WO2023141493A3 (en) * | 2022-01-20 | 2023-08-24 | Ping Identity Corporation | Method and apparatus for secure authentication based on proximity |
US11805009B2 (en) | 2018-06-03 | 2023-10-31 | Apple Inc. | Configuring accessory network connections |
Families Citing this family (73)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9020854B2 (en) | 2004-03-08 | 2015-04-28 | Proxense, Llc | Linked account system using personal digital key (PDK-LAS) |
RU2007127725A (en) | 2004-12-20 | 2009-01-27 | ПРОКСЕНС, ЭлЭлСи (US) | PERSONAL DATA (PDK) AUTHENTICATION BY BIOMETRIC KEY |
US8112787B2 (en) * | 2005-12-31 | 2012-02-07 | Broadcom Corporation | System and method for securing a credential via user and server verification |
US8219129B2 (en) | 2006-01-06 | 2012-07-10 | Proxense, Llc | Dynamic real-time tiered client access |
US11206664B2 (en) | 2006-01-06 | 2021-12-21 | Proxense, Llc | Wireless network synchronization of cells and client devices on a network |
US7904718B2 (en) | 2006-05-05 | 2011-03-08 | Proxense, Llc | Personal digital key differentiation for secure transactions |
US9269221B2 (en) | 2006-11-13 | 2016-02-23 | John J. Gobbi | Configuration of interfaces for a location detection system and application |
WO2009062194A1 (en) | 2007-11-09 | 2009-05-14 | Proxense, Llc | Proximity-sensor supporting multiple application services |
US8171528B1 (en) | 2007-12-06 | 2012-05-01 | Proxense, Llc | Hybrid device having a personal digital key and receiver-decoder circuit and methods of use |
US9251332B2 (en) | 2007-12-19 | 2016-02-02 | Proxense, Llc | Security system and method for controlling access to computing resources |
US8508336B2 (en) | 2008-02-14 | 2013-08-13 | Proxense, Llc | Proximity-based healthcare management system with automatic access to private information |
US11120449B2 (en) | 2008-04-08 | 2021-09-14 | Proxense, Llc | Automated service-based order processing |
JP4894826B2 (en) * | 2008-07-14 | 2012-03-14 | ソニー株式会社 | COMMUNICATION DEVICE, COMMUNICATION SYSTEM, NOTIFICATION METHOD, AND PROGRAM |
US20100064350A1 (en) * | 2008-09-08 | 2010-03-11 | Qualcomm Incorporated | Apparatus and Method for Secure Affinity Group Management |
US9596989B2 (en) | 2009-03-12 | 2017-03-21 | Raytheon Company | Networked symbiotic edge user infrastructure |
JP5666568B2 (en) * | 2009-05-22 | 2015-02-12 | ネーデルランデ オルガニサチエ ヴォール トエゲパスト−ナツールウェテンスハペリエク オンデルゾエク ティーエヌオーNederlandse Organisatie Voor Toegepast−Natuurwetenschappelijk Onderzoek Tno | Device identification system proxy server |
WO2010134817A2 (en) * | 2009-05-22 | 2010-11-25 | Nederlandse Organisatie Voor Toegepast- Natuurwetenschappelijk Onderzoek Tno | Servers for device identification services |
CN101572705B (en) * | 2009-06-08 | 2012-02-01 | 西安西电捷通无线网络通信股份有限公司 | System and method for realizing bi-directional platform authentication |
CN101656960A (en) * | 2009-09-16 | 2010-02-24 | 中兴通讯股份有限公司 | Point-to-point communication method based on near field communication and near field communication device |
EP2315465A1 (en) * | 2009-10-20 | 2011-04-27 | ETH Zurich | Method for secure communication between devices |
US11164672B2 (en) | 2010-01-22 | 2021-11-02 | Deka Products Limited Partnership | System and apparatus for electronic patient care |
US11244745B2 (en) | 2010-01-22 | 2022-02-08 | Deka Products Limited Partnership | Computer-implemented method, system, and apparatus for electronic patient care |
US11210611B2 (en) | 2011-12-21 | 2021-12-28 | Deka Products Limited Partnership | System, method, and apparatus for electronic patient care |
US10911515B2 (en) | 2012-05-24 | 2021-02-02 | Deka Products Limited Partnership | System, method, and apparatus for electronic patient care |
US20110313789A1 (en) | 2010-01-22 | 2011-12-22 | Deka Products Limited Partnership | Electronic patient monitoring system |
US11881307B2 (en) | 2012-05-24 | 2024-01-23 | Deka Products Limited Partnership | System, method, and apparatus for electronic patient care |
US10453157B2 (en) | 2010-01-22 | 2019-10-22 | Deka Products Limited Partnership | System, method, and apparatus for electronic patient care |
US9418205B2 (en) | 2010-03-15 | 2016-08-16 | Proxense, Llc | Proximity-based system for automatic application or data access and item tracking |
EP2561640A1 (en) * | 2010-04-21 | 2013-02-27 | ETH Zurich | Authenticated key exchange using distance bounding protocol |
US9274594B2 (en) * | 2010-05-28 | 2016-03-01 | Microsoft Technology Licensing, Llc | Cloud-based personal trait profile data |
US9322974B1 (en) | 2010-07-15 | 2016-04-26 | Proxense, Llc. | Proximity-based system for object tracking |
US8068011B1 (en) | 2010-08-27 | 2011-11-29 | Q Street, LLC | System and method for interactive user-directed interfacing between handheld devices and RFID media |
JP5361833B2 (en) * | 2010-09-16 | 2013-12-04 | 株式会社東芝 | Communication apparatus and communication method |
US8897198B2 (en) | 2011-01-14 | 2014-11-25 | Covidien Lp | Medical device wireless network architectures |
US8855550B2 (en) | 2011-01-14 | 2014-10-07 | Covidien Lp | Wireless relay module having emergency call functionality |
US9020419B2 (en) | 2011-01-14 | 2015-04-28 | Covidien, LP | Wireless relay module for remote monitoring systems having power and medical device proximity monitoring functionality |
US8694600B2 (en) | 2011-03-01 | 2014-04-08 | Covidien Lp | Remote monitoring systems for monitoring medical devices via wireless communication networks |
US9265450B1 (en) | 2011-02-21 | 2016-02-23 | Proxense, Llc | Proximity-based system for object tracking and automatic application initialization |
CA2827866C (en) * | 2011-02-25 | 2016-07-12 | Blackberry Limited | Determining device in-range proximity |
WO2012114160A1 (en) | 2011-02-25 | 2012-08-30 | Research In Motion Limited | Inter-device session connectivity enhancement |
DE102011002128B4 (en) * | 2011-04-18 | 2021-07-15 | Huf Hülsbeck & Fürst Gmbh & Co. Kg | ID transmitter for a motor vehicle access system with a removable NFC module |
KR101324194B1 (en) * | 2011-07-14 | 2013-11-06 | 아이테크 도쿄 코포레이션 | Mobile terminal for transmitting and receiving contents, system for transmitting and receiving contents and method for transmitting and receiving contents |
US9520918B2 (en) | 2011-12-16 | 2016-12-13 | Intel Corporation | Login via near field communication with automatically generated login information |
KR101844211B1 (en) * | 2011-12-28 | 2018-05-15 | 삼성전자주식회사 | Network system of home appliance and network set up method the same |
KR101904036B1 (en) * | 2012-01-06 | 2018-11-30 | 삼성전자주식회사 | Apparatus and method for near field communications security |
TWI528766B (en) * | 2012-02-05 | 2016-04-01 | 財團法人資訊工業策進會 | Direct mode communication system and discovery interactive method thereof |
FR2987529B1 (en) * | 2012-02-27 | 2014-03-14 | Morpho | METHOD FOR VERIFYING IDENTITY OF A USER OF A COMMUNICATING TERMINAL AND ASSOCIATED SYSTEM |
US9642005B2 (en) * | 2012-05-21 | 2017-05-02 | Nexiden, Inc. | Secure authentication of a user using a mobile device |
US9521548B2 (en) * | 2012-05-21 | 2016-12-13 | Nexiden, Inc. | Secure registration of a mobile device for use with a session |
CN104620245A (en) | 2012-09-13 | 2015-05-13 | 柯惠有限合伙公司 | Docking station for enteral feeding pump |
CN103796203A (en) * | 2012-11-02 | 2014-05-14 | 鸿富锦精密工业(武汉)有限公司 | Wi-Fi service and NFC mechanism application system and method |
US20140187147A1 (en) * | 2012-12-27 | 2014-07-03 | Haim Rochberger | Method and system of generating nfc-transaction remotely |
US9398050B2 (en) | 2013-02-01 | 2016-07-19 | Vidder, Inc. | Dynamically configured connection to a trust broker |
US9606619B2 (en) * | 2013-02-13 | 2017-03-28 | Nokia Technologies Oy | Method and apparatus for accepting third-party use of services based on touch selection |
KR101426197B1 (en) * | 2013-02-20 | 2014-08-01 | 여윤영 | a modeling mold of rice ball |
WO2014183106A2 (en) | 2013-05-10 | 2014-11-13 | Proxense, Llc | Secure element as a digital pocket |
EP3014916A1 (en) * | 2013-06-28 | 2016-05-04 | Nec Corporation | Secure group creation in proximity based service communication |
US9287935B2 (en) * | 2013-08-01 | 2016-03-15 | Blackberry Limited | Method and apparatus for anti-eavesdropping in vunerable NFC applications |
KR20150017848A (en) * | 2013-08-08 | 2015-02-23 | 삼성전자주식회사 | METHOD AND APPARATUS FOR CONNECT TO Wi-Fi DIRECT |
USD746441S1 (en) | 2013-09-13 | 2015-12-29 | Covidien Lp | Pump |
US9363264B2 (en) | 2013-11-25 | 2016-06-07 | At&T Intellectual Property I, L.P. | Networked device access control |
EP2890191B1 (en) * | 2013-12-30 | 2017-10-11 | Deutsche Telekom AG | Method for secure communication in a communication network |
JP6269374B2 (en) * | 2014-07-30 | 2018-01-31 | 株式会社Jvcケンウッド | Terminal device, communication system, communication method |
EP3010196A1 (en) | 2014-10-14 | 2016-04-20 | Motorola Solutions, Inc. | Method and systems for adding a mobile radio to a talkgroup |
EP3018922B1 (en) | 2014-11-10 | 2017-07-19 | Motorola Solutions, Inc. | Apparatus and Method for selectively routing group communications amongst multiple networks |
EP3018877B1 (en) | 2014-11-10 | 2018-01-10 | Motorola Solutions, Inc. | Methods and systems for joining a sub-talkgroup of a first talkgroup |
US9882906B2 (en) | 2014-12-12 | 2018-01-30 | International Business Machines Corporation | Recommendation schema for storing data in a shared data storage network |
US9774571B2 (en) | 2015-03-10 | 2017-09-26 | Microsoft Technology Licensing, Llc | Automatic provisioning of meeting room device |
US20160269409A1 (en) | 2015-03-13 | 2016-09-15 | Microsoft Technology Licensing, Llc | Meeting Join for Meeting Device |
US10469262B1 (en) | 2016-01-27 | 2019-11-05 | Verizon Patent ad Licensing Inc. | Methods and systems for network security using a cryptographic firewall |
US10554480B2 (en) | 2017-05-11 | 2020-02-04 | Verizon Patent And Licensing Inc. | Systems and methods for maintaining communication links |
BR102018016532A2 (en) * | 2018-08-13 | 2020-03-10 | Marcelo Goulart Tozatto | SYSTEM AND METHOD OF MONITORING AND MANAGEMENT OF INTERACTIONS BETWEEN LIVING AND / OR INANIMATED ENTITIES |
KR102398979B1 (en) * | 2020-11-16 | 2022-05-25 | 주식회사 화컴 | Method and system for allowing host device access to edge server in providing iot community service using beacon |
Citations (38)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5887063A (en) * | 1995-07-28 | 1999-03-23 | Hewlett-Packard Company | Communication system for portable appliances |
US20010007815A1 (en) * | 1999-12-17 | 2001-07-12 | Telefonaktiebolaget L M Ericsson (Publ) | Method and system for establishing a short-range radio link |
WO2001099369A2 (en) * | 2000-06-20 | 2001-12-27 | Koninklijke Philips Electronics N.V. | Method and system for electronic device authentication |
US20030149874A1 (en) * | 2002-02-06 | 2003-08-07 | Xerox Corporation | Systems and methods for authenticating communications in a network medium |
US6772331B1 (en) * | 1999-05-21 | 2004-08-03 | International Business Machines Corporation | Method and apparatus for exclusively pairing wireless devices |
US20040161111A1 (en) * | 2003-02-19 | 2004-08-19 | Sherman Nathan C. | Optical out-of-band key distribution |
US20040235568A1 (en) * | 2003-05-19 | 2004-11-25 | Samsung Electronics Co., Ltd. | Mobile game system and method |
US20050109841A1 (en) * | 2003-11-17 | 2005-05-26 | Ryan Dennis J. | Multi-interface compact personal token apparatus and methods of use |
US20050215233A1 (en) * | 2004-03-23 | 2005-09-29 | Motorola, Inc. | System and method for authenticating wireless device with fixed station |
US20050239438A1 (en) * | 2004-04-27 | 2005-10-27 | Nokia Corporation | Method and system for providing security in proximity and Ad-Hoc networks |
US20050287950A1 (en) * | 2004-06-23 | 2005-12-29 | Jan-Willem Helden | Method and apparatus for pairing and configuring wireless devices |
US7027773B1 (en) * | 1999-05-28 | 2006-04-11 | Afx Technology Group International, Inc. | On/off keying node-to-node messaging transceiver network with dynamic routing and configuring |
US20060085844A1 (en) * | 2004-10-20 | 2006-04-20 | Mark Buer | User authentication system |
US20060105712A1 (en) * | 2004-11-12 | 2006-05-18 | Microsoft Corporation | Wireless device support for electronic devices |
US20060178131A1 (en) * | 2005-02-07 | 2006-08-10 | Huotari Allen J | Key distribution for wireless devices |
US20060219776A1 (en) * | 2003-11-17 | 2006-10-05 | Dpd Patent Trust | Rfid reader with multiple interfaces |
US20060234631A1 (en) * | 2005-04-15 | 2006-10-19 | Jorge Dieguez | System and method for generation of interest -based wide area virtual network connections |
US20060251256A1 (en) * | 2005-04-04 | 2006-11-09 | Nokia Corporation | Administration of wireless local area networks |
US20060253894A1 (en) * | 2004-04-30 | 2006-11-09 | Peter Bookman | Mobility device platform |
US20060258289A1 (en) * | 2005-05-12 | 2006-11-16 | Robin Dua | Wireless media system and player and method of operation |
US20070178882A1 (en) * | 2006-01-31 | 2007-08-02 | Teunissen Harold W A | Method for secure authentication of mobile devices |
US20070194945A1 (en) * | 2004-12-07 | 2007-08-23 | Paul Atkinson | Mobile Device for Selectively Activating a Target and Method of Using Same |
US20070197261A1 (en) * | 2004-03-19 | 2007-08-23 | Humbel Roger M | Mobile Telephone All In One Remote Key Or Software Regulating Card For Radio Bicycle Locks, Cars, Houses, And Rfid Tags, With Authorisation And Payment Function |
US20070204149A1 (en) * | 2002-08-30 | 2007-08-30 | Xerox Corporation | Apparatus and methods for providing secured communication |
US20070277230A1 (en) * | 2001-11-12 | 2007-11-29 | Palm, Inc. | System and method for providing secured access to mobile devices |
US20070274241A1 (en) * | 2006-05-25 | 2007-11-29 | Sony Ericsson Mobile Communications Ab | Method and apparatus for accessing network isolated devices |
US7350230B2 (en) * | 2002-12-18 | 2008-03-25 | Ncr Corporation | Wireless security module |
US20080172340A1 (en) * | 2007-01-15 | 2008-07-17 | Thomas Karlsson | Method and system for carrying out a transaction between a mobile device and a terminal |
US20080219227A1 (en) * | 2007-02-23 | 2008-09-11 | Oliver Michaelis | Method and Apparatus to Create Multicast Groups Based on Proximity |
US20080220878A1 (en) * | 2007-02-23 | 2008-09-11 | Oliver Michaelis | Method and Apparatus to Create or Join Gaming Sessions Based on Proximity |
US20090049556A1 (en) * | 2006-02-22 | 2009-02-19 | Koninklijke Philips Electronics N.V. | Method for redistributing drm protected content |
US20090144815A1 (en) * | 2004-11-01 | 2009-06-04 | Koninklijke Philips Electronics, N.V. | Access to domain |
US20090265775A1 (en) * | 2005-03-31 | 2009-10-22 | British Telecommunications Public Limited Company | Proximity Based Authentication Using Tokens |
US7653037B2 (en) * | 2005-09-28 | 2010-01-26 | Qualcomm Incorporated | System and method for distributing wireless network access parameters |
US7797535B2 (en) * | 2004-11-08 | 2010-09-14 | Canon Kabushiki Kaisha | Authentication method and system, and information processing method and apparatus |
US7925022B2 (en) * | 2005-05-23 | 2011-04-12 | The Invention Science Fund I, Llc | Device pairing via device to device contact |
US8056117B2 (en) * | 2005-02-18 | 2011-11-08 | Samsung Electronics Co., Ltd. | Network and domain-creating method thereof |
US8281144B2 (en) * | 2006-01-09 | 2012-10-02 | Samsung Electronics Co., Ltd. | Ownership sharing method and apparatus using secret key in home network remote controller |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2001073575A1 (en) | 2000-03-27 | 2001-10-04 | In2M.Com Corporation | Methods and apparatus for wireless point-of-sale transactions |
US20060179303A1 (en) * | 2002-06-13 | 2006-08-10 | Vodafone Group Plc | Network security |
JP2004118488A (en) | 2002-09-26 | 2004-04-15 | Minolta Co Ltd | Network device |
EP1590917B1 (en) * | 2003-01-28 | 2010-12-15 | Cellport Systems, Inc. | A system and a method for controlling use by applications of proprietary resources within a secure telematics system in a vehicle |
US7411491B2 (en) | 2003-06-06 | 2008-08-12 | Koninklijke Philips Electronics N.V. | Method of controlling wireless data transmission by switching between short-range and long-range radio technologies |
US7466678B2 (en) * | 2003-12-29 | 2008-12-16 | Lenovo (Singapore) Pte. Ltd. | System and method for passive scanning of authorized wireless channels |
EP1763946B1 (en) * | 2004-06-29 | 2008-11-26 | Koninklijke Philips Electronics N.V. | System and methods for efficient authentication of medical wireless ad hoc network nodes |
FR2886753B1 (en) | 2005-06-06 | 2007-09-07 | Customer Product Relationship | DEVICE AND METHOD FOR ADVANCING THE PRESENCE OF AN INDIVIDUAL IN A PLACE GIVEN TO A GIVEN INSTANT |
2008
- 2008-02-21 US: US12/035,309 (US8522019B2), not active, Expired - Fee Related
- 2008-02-25 EP: EP08730658A (EP2126854A2), not active, Withdrawn
- 2008-02-25 CN: CN2008800056438A (CN101617346B), not active, Expired - Fee Related
- 2008-02-25 KR: KR1020097019889A (KR101216545B1), active, IP Right Grant
- 2008-02-25 JP: JP2009550633A (JP2010519640A), not active, Withdrawn
- 2008-02-25 WO: PCT/US2008/054900 (WO2008103991A2), active, Application Filing

2012
- 2012-08-07 JP: JP2012174991A (JP5415600B2), not active, Expired - Fee Related
Patent Citations (41)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5887063A (en) * | 1995-07-28 | 1999-03-23 | Hewlett-Packard Company | Communication system for portable appliances |
US6772331B1 (en) * | 1999-05-21 | 2004-08-03 | International Business Machines Corporation | Method and apparatus for exclusively pairing wireless devices |
US7027773B1 (en) * | 1999-05-28 | 2006-04-11 | Afx Technology Group International, Inc. | On/off keying node-to-node messaging transceiver network with dynamic routing and configuring |
US20010007815A1 (en) * | 1999-12-17 | 2001-07-12 | Telefonaktiebolaget L M Ericsson (Publ) | Method and system for establishing a short-range radio link |
WO2001099369A2 (en) * | 2000-06-20 | 2001-12-27 | Koninklijke Philips Electronics N.V. | Method and system for electronic device authentication |
US7136999B1 (en) * | 2000-06-20 | 2006-11-14 | Koninklijke Philips Electronics N.V. | Method and system for electronic device authentication |
US20070277230A1 (en) * | 2001-11-12 | 2007-11-29 | Palm, Inc. | System and method for providing secured access to mobile devices |
US20030149874A1 (en) * | 2002-02-06 | 2003-08-07 | Xerox Corporation | Systems and methods for authenticating communications in a network medium |
US20060174116A1 (en) * | 2002-02-06 | 2006-08-03 | Xerox Corporation | Systems and methods for authenticating communications in a network medium |
US20070204149A1 (en) * | 2002-08-30 | 2007-08-30 | Xerox Corporation | Apparatus and methods for providing secured communication |
US7350230B2 (en) * | 2002-12-18 | 2008-03-25 | Ncr Corporation | Wireless security module |
US20040161111A1 (en) * | 2003-02-19 | 2004-08-19 | Sherman Nathan C. | Optical out-of-band key distribution |
US20040235568A1 (en) * | 2003-05-19 | 2004-11-25 | Samsung Electronics Co., Ltd. | Mobile game system and method |
US7597250B2 (en) * | 2003-11-17 | 2009-10-06 | Dpd Patent Trust Ltd. | RFID reader with multiple interfaces |
US20050109841A1 (en) * | 2003-11-17 | 2005-05-26 | Ryan Dennis J. | Multi-interface compact personal token apparatus and methods of use |
US20060219776A1 (en) * | 2003-11-17 | 2006-10-05 | Dpd Patent Trust | Rfid reader with multiple interfaces |
US20070197261A1 (en) * | 2004-03-19 | 2007-08-23 | Humbel Roger M | Mobile Telephone All In One Remote Key Or Software Regulating Card For Radio Bicycle Locks, Cars, Houses, And Rfid Tags, With Authorisation And Payment Function |
US20050215233A1 (en) * | 2004-03-23 | 2005-09-29 | Motorola, Inc. | System and method for authenticating wireless device with fixed station |
US20050239438A1 (en) * | 2004-04-27 | 2005-10-27 | Nokia Corporation | Method and system for providing security in proximity and Ad-Hoc networks |
US20060253894A1 (en) * | 2004-04-30 | 2006-11-09 | Peter Bookman | Mobility device platform |
US20050287950A1 (en) * | 2004-06-23 | 2005-12-29 | Jan-Willem Helden | Method and apparatus for pairing and configuring wireless devices |
US20060085844A1 (en) * | 2004-10-20 | 2006-04-20 | Mark Buer | User authentication system |
US20090144815A1 (en) * | 2004-11-01 | 2009-06-04 | Koninklijke Philips Electronics, N.V. | Access to domain |
US7797535B2 (en) * | 2004-11-08 | 2010-09-14 | Canon Kabushiki Kaisha | Authentication method and system, and information processing method and apparatus |
US20060105712A1 (en) * | 2004-11-12 | 2006-05-18 | Microsoft Corporation | Wireless device support for electronic devices |
US20070194945A1 (en) * | 2004-12-07 | 2007-08-23 | Paul Atkinson | Mobile Device for Selectively Activating a Target and Method of Using Same |
US20060178131A1 (en) * | 2005-02-07 | 2006-08-10 | Huotari Allen J | Key distribution for wireless devices |
US8056117B2 (en) * | 2005-02-18 | 2011-11-08 | Samsung Electronics Co., Ltd. | Network and domain-creating method thereof |
US20090265775A1 (en) * | 2005-03-31 | 2009-10-22 | British Telecommunications Public Limited Company | Proximity Based Authentication Using Tokens |
US20060251256A1 (en) * | 2005-04-04 | 2006-11-09 | Nokia Corporation | Administration of wireless local area networks |
US20060234631A1 (en) * | 2005-04-15 | 2006-10-19 | Jorge Dieguez | System and method for generation of interest -based wide area virtual network connections |
US20060258289A1 (en) * | 2005-05-12 | 2006-11-16 | Robin Dua | Wireless media system and player and method of operation |
US7925022B2 (en) * | 2005-05-23 | 2011-04-12 | The Invention Science Fund I, Llc | Device pairing via device to device contact |
US7653037B2 (en) * | 2005-09-28 | 2010-01-26 | Qualcomm Incorporated | System and method for distributing wireless network access parameters |
US8281144B2 (en) * | 2006-01-09 | 2012-10-02 | Samsung Electronics Co., Ltd. | Ownership sharing method and apparatus using secret key in home network remote controller |
US20070178882A1 (en) * | 2006-01-31 | 2007-08-02 | Teunissen Harold W A | Method for secure authentication of mobile devices |
US20090049556A1 (en) * | 2006-02-22 | 2009-02-19 | Koninklijke Philips Electronics N.V. | Method for redistributing drm protected content |
US20070274241A1 (en) * | 2006-05-25 | 2007-11-29 | Sony Ericsson Mobile Communications Ab | Method and apparatus for accessing network isolated devices |
US20080172340A1 (en) * | 2007-01-15 | 2008-07-17 | Thomas Karlsson | Method and system for carrying out a transaction between a mobile device and a terminal |
US20080220878A1 (en) * | 2007-02-23 | 2008-09-11 | Oliver Michaelis | Method and Apparatus to Create or Join Gaming Sessions Based on Proximity |
US20080219227A1 (en) * | 2007-02-23 | 2008-09-11 | Oliver Michaelis | Method and Apparatus to Create Multicast Groups Based on Proximity |
Cited By (354)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8893266B2 (en) | 2002-08-19 | 2014-11-18 | Blackberry Limited | System and method for secure control of resources of wireless mobile communication devices |
US8544084B2 (en) | 2002-08-19 | 2013-09-24 | Blackberry Limited | System and method for secure control of resources of wireless mobile communication devices |
US10999282B2 (en) | 2002-08-19 | 2021-05-04 | Blackberry Limited | System and method for secure control of resources of wireless mobile communication devices |
US10015168B2 (en) | 2002-08-19 | 2018-07-03 | Blackberry Limited | System and method for secure control of resources of wireless mobile communication devices |
US8661531B2 (en) | 2002-08-19 | 2014-02-25 | Blackberry Limited | System and method for secure control of resources of wireless mobile communication devices |
US10298584B2 (en) | 2002-08-19 | 2019-05-21 | Blackberry Limited | System and method for secure control of resources of wireless mobile communication devices |
US9998466B2 (en) | 2002-08-19 | 2018-06-12 | Blackberry Limited | System and method for secure control of resources of wireless mobile communication devices |
US9391992B2 (en) | 2002-08-19 | 2016-07-12 | Blackberry Limited | System and method for secure control of resources of wireless mobile communication devices |
US20050213763A1 (en) * | 2002-08-19 | 2005-09-29 | Owen Russell N | System and method for secure control of resources of wireless mobile communication devices |
US9137668B2 (en) | 2004-02-26 | 2015-09-15 | Blackberry Limited | Computing device with environment aware features |
USRE49721E1 (en) | 2004-04-30 | 2023-11-07 | Blackberry Limited | System and method for handling data transfers |
USRE46083E1 (en) | 2004-04-30 | 2016-07-26 | Blackberry Limited | System and method for handling data transfers |
USRE48679E1 (en) | 2004-04-30 | 2021-08-10 | Blackberry Limited | System and method for handling data transfers |
USRE44746E1 (en) | 2004-04-30 | 2014-02-04 | Blackberry Limited | System and method for handling data transfers |
US9282099B2 (en) | 2005-06-29 | 2016-03-08 | Blackberry Limited | System and method for privilege management and revocation |
US9734308B2 (en) | 2005-06-29 | 2017-08-15 | Blackberry Limited | Privilege management and revocation |
US10515195B2 (en) | 2005-06-29 | 2019-12-24 | Blackberry Limited | Privilege management and revocation |
US9418040B2 (en) * | 2005-07-07 | 2016-08-16 | Sciencelogic, Inc. | Dynamically deployable self configuring distributed network management system |
US20160323153A1 (en) * | 2005-07-07 | 2016-11-03 | Sciencelogic, Inc. | Dynamically deployable self configuring distributed network management system |
US20160323139A1 (en) * | 2005-07-07 | 2016-11-03 | Sciencelogic, Inc. | Dynamically deployable self configuring distributed network management system |
US20100094981A1 (en) * | 2005-07-07 | 2010-04-15 | Cordray Christopher G | Dynamically Deployable Self Configuring Distributed Network Management System |
US10237140B2 (en) * | 2005-07-07 | 2019-03-19 | Sciencelogic, Inc. | Network management method using specification authorizing network task management software to operate on specified task management hardware computing components |
US10230588B2 (en) * | 2005-07-07 | 2019-03-12 | Sciencelogic, Inc. | Dynamically deployable self configuring distributed network management system using a trust domain specification to authorize execution of network collection software on hardware components |
US10230587B2 (en) * | 2005-07-07 | 2019-03-12 | Sciencelogic, Inc. | Dynamically deployable self configuring distributed network management system with specification defining trust domain membership and/or privileges and data management computing component |
US10225157B2 (en) * | 2005-07-07 | 2019-03-05 | Sciencelogic, Inc. | Dynamically deployable self configuring distributed network management system and method having execution authorization based on a specification defining trust domain membership and/or privileges |
US20160323152A1 (en) * | 2005-07-07 | 2016-11-03 | Sciencelogic, Inc. | Dynamically deployable self configuring distributed network management system |
US20160380842A1 (en) * | 2005-07-07 | 2016-12-29 | Sciencelogic, Inc. | Dynamically deployable self configuring distributed network management system |
US8086677B2 (en) * | 2007-07-27 | 2011-12-27 | Research In Motion Limited | Information exchange in wireless servers |
US8352550B2 (en) | 2007-07-27 | 2013-01-08 | Research In Motion Limited | Wireless communication systems |
US20090030995A1 (en) * | 2007-07-27 | 2009-01-29 | Jesse Boudreau | Wireless communication systems |
US10079912B2 (en) | 2007-07-27 | 2018-09-18 | Blackberry Limited | Wireless communication system installation |
US20090034463A1 (en) * | 2007-07-27 | 2009-02-05 | Research In Motion Limited | Method and system for resource sharing |
US8626867B2 (en) | 2007-07-27 | 2014-01-07 | Blackberry Limited | Apparatus and methods for operation of a wireless server |
US20090070429A1 (en) * | 2007-07-27 | 2009-03-12 | Thomas Murphy | Information exchange in wireless servers |
US8832185B2 (en) | 2007-07-27 | 2014-09-09 | Blackberry Limited | Information exchange in wireless servers that bypass external domain servers |
US9137280B2 (en) | 2007-07-27 | 2015-09-15 | Blackberry Limited | Wireless communication systems |
US8965992B2 (en) | 2007-07-27 | 2015-02-24 | Blackberry Limited | Apparatus and methods for coordination of wireless systems |
US9641565B2 (en) | 2007-07-27 | 2017-05-02 | Blackberry Limited | Apparatus and methods for operation of a wireless server |
US8914009B2 (en) | 2007-07-27 | 2014-12-16 | Blackberry Limited | Administration of wireless systems |
US9270682B2 (en) | 2007-07-27 | 2016-02-23 | Blackberry Limited | Administration of policies for wireless devices in a wireless communication system |
US8373556B2 (en) | 2007-08-31 | 2013-02-12 | Cardiac Pacemakers, Inc. | Medical data transport over wireless life critical network |
US9269251B2 (en) | 2007-08-31 | 2016-02-23 | Cardiac Pacemakers, Inc. | Medical data transport over wireless life critical network |
US8515547B2 (en) | 2007-08-31 | 2013-08-20 | Cardiac Pacemakers, Inc. | Wireless patient communicator for use in a life critical network |
US8970392B2 (en) | 2007-08-31 | 2015-03-03 | Cardiac Pacemakers, Inc. | Medical data transport over wireless life critical network |
US8587427B2 (en) | 2007-08-31 | 2013-11-19 | Cardiac Pacemakers, Inc. | Medical data transport over wireless life critical network |
US8818522B2 (en) | 2007-08-31 | 2014-08-26 | Cardiac Pacemakers, Inc. | Wireless patient communicator for use in a life critical network |
US8395498B2 (en) | 2007-08-31 | 2013-03-12 | Cardiac Pacemakers, Inc. | Wireless patient communicator employing security information management |
US7978062B2 (en) | 2007-08-31 | 2011-07-12 | Cardiac Pacemakers, Inc. | Medical data transport over wireless life critical network |
US9848058B2 (en) | 2007-08-31 | 2017-12-19 | Cardiac Pacemakers, Inc. | Medical data transport over wireless life critical network employing dynamic communication link mapping |
US8872916B2 (en) * | 2007-12-28 | 2014-10-28 | Motorola Mobility LLC | Method for collecting media associated with a mobile device |
US10462409B2 (en) | 2007-12-28 | 2019-10-29 | Google Technology Holdings LLC | Method for collecting media associated with a mobile device |
US20130050484A1 (en) * | 2007-12-28 | 2013-02-28 | Motorola Mobility Llc | Method for Collecting Media Associated with a Mobile Device |
US10666761B2 (en) | 2007-12-28 | 2020-05-26 | Google Technology Holdings LLC | Method for collecting media associated with a mobile device |
US20090271519A1 (en) * | 2008-04-23 | 2009-10-29 | Richard Eric Helvick | Method and system for facilitating group organization using mobile devices |
US7882244B2 (en) * | 2008-04-23 | 2011-02-01 | Sharp Laboratories Of America, Inc. | Method and system for facilitating group organization using mobile devices |
US20110072100A1 (en) * | 2008-05-14 | 2011-03-24 | Airtag | Method for Communicating at Least One Targeted Message from a Service Provider to a User of a Portable Terminal |
US20090292799A1 (en) * | 2008-05-23 | 2009-11-26 | Research In Motion Limited | Remote administration of mobile wireless devices |
US8516095B2 (en) | 2008-05-23 | 2013-08-20 | Research In Motion Limited | Remote administration of mobile wireless devices |
US20100043061A1 (en) * | 2008-08-12 | 2010-02-18 | Philippe Martin | Systems, methods, and computer readable media for providing for secure offline data transfer between wireless smart devices |
US8307410B2 (en) * | 2008-08-12 | 2012-11-06 | Mastercard International Incorporated | Systems, methods, and computer readable media for providing for secure offline data transfer between wireless smart devices |
US8385913B2 (en) | 2008-09-08 | 2013-02-26 | Proxicom Wireless, Llc | Using a first wireless link to exchange identification information used to communicate over a second wireless link |
US20100062746A1 (en) * | 2008-09-08 | 2010-03-11 | Proctor Jr James Arthur | Protocol for anonymous wireless communication |
US9161164B2 (en) | 2008-09-08 | 2015-10-13 | Proxicom Wireless, Llc | Exchanging identifiers between wireless communication to determine further information to be exchanged or further services to be provided |
US20110119733A1 (en) * | 2008-09-08 | 2011-05-19 | Proctor Jr James Arthur | Enforcing policies in wireless communication using exchanged identities |
US11334918B2 (en) | 2008-09-08 | 2022-05-17 | Proxicom Wireless, Llc | Exchanging identifiers between wireless communication to determine further information to be exchanged or further services to be provided |
US7936736B2 (en) * | 2008-09-08 | 2011-05-03 | Proctor Jr James Arthur | Enforcing policies in wireless communication using exchanged identities |
US8090616B2 (en) | 2008-09-08 | 2012-01-03 | Proctor Jr James Arthur | Visual identification information used as confirmation in a wireless communication |
US9038129B2 (en) | 2008-09-08 | 2015-05-19 | Proxicom Wireless, Llc | Enforcing policies in wireless communication using exchanged identities |
US8090359B2 (en) | 2008-09-08 | 2012-01-03 | Proctor Jr James Arthur | Exchanging identifiers between wireless communication to determine further information to be exchanged or further services to be provided |
US11074615B2 (en) | 2008-09-08 | 2021-07-27 | Proxicom Wireless Llc | Efficient and secure communication using wireless service identifiers |
US8116749B2 (en) | 2008-09-08 | 2012-02-14 | Proctor Jr James Arthur | Protocol for anonymous wireless communication |
US20100061294A1 (en) * | 2008-09-08 | 2010-03-11 | Proctor Jr James Arthur | Enforcing policies in wireless communication using exchanged identities |
US8369842B2 (en) | 2008-09-08 | 2013-02-05 | Proxicom Wireless, Llc | Exchanging identifiers between wireless communication to determine further information to be exchanged or further services to be provided |
US8370955B2 (en) | 2008-09-08 | 2013-02-05 | Proxicom Wireless, Llc | Enforcing policies in wireless communication using exchanged identities |
US20100063867A1 (en) * | 2008-09-08 | 2010-03-11 | Proctor Jr James Arthur | Exchanging identifiers between wireless communication to determine further information to be exchanged or further services to be provided |
US11687971B2 (en) | 2008-09-08 | 2023-06-27 | Proxicom Wireless Llc | Efficient and secure communication using wireless service identifiers |
US8385896B2 (en) | 2008-09-08 | 2013-02-26 | Proxicom Wireless, Llc | Exchanging identifiers between wireless communication to determine further information to be exchanged or further services to be provided |
US11443344B2 (en) | 2008-09-08 | 2022-09-13 | Proxicom Wireless Llc | Efficient and secure communication using wireless service identifiers |
US8849698B2 (en) | 2008-09-08 | 2014-09-30 | Proxicom Wireless, Llc | Exchanging identifiers between wireless communication to determine further information to be exchanged or further services to be provided |
US20100062758A1 (en) * | 2008-09-08 | 2010-03-11 | Proctor Jr James Arthur | Using a first wireless link to exchange identification information used to communicate over a second wireless link |
US8374592B2 (en) | 2008-09-08 | 2013-02-12 | Proxicom Wireless, Llc | Exchanging identifiers between wireless communication to determine further information to be exchanged or further services to be provided |
US20100063889A1 (en) * | 2008-09-08 | 2010-03-11 | Proctor Jr James Arthur | Visual identification information used as confirmation in a wireless communication |
US11706102B2 (en) | 2008-10-10 | 2023-07-18 | Sciencelogic, Inc. | Dynamically deployable self configuring distributed network management system |
US9838758B2 (en) | 2008-11-26 | 2017-12-05 | David Harrison | Relevancy improvement through targeting of information based on data gathered from a networked device associated with a security sandbox of a client device |
US9961388B2 (en) | 2008-11-26 | 2018-05-01 | David Harrison | Exposure of public internet protocol addresses in an advertising exchange server to improve relevancy of advertisements |
US9986279B2 (en) | 2008-11-26 | 2018-05-29 | Free Stream Media Corp. | Discovery, access control, and communication with networked services |
US9591381B2 (en) | 2008-11-26 | 2017-03-07 | Free Stream Media Corp. | Automated discovery and launch of an application on a network enabled device |
US9519772B2 (en) | 2008-11-26 | 2016-12-13 | Free Stream Media Corp. | Relevancy improvement through targeting of information based on data gathered from a networked device associated with a security sandbox of a client device |
US10419541B2 (en) | 2008-11-26 | 2019-09-17 | Free Stream Media Corp. | Remotely control devices over a network without authentication or registration |
US10567823B2 (en) | 2008-11-26 | 2020-02-18 | Free Stream Media Corp. | Relevant advertisement generation based on a user operating a client device communicatively coupled with a networked media device |
US10631068B2 (en) | 2008-11-26 | 2020-04-21 | Free Stream Media Corp. | Content exposure attribution based on renderings of related content across multiple devices |
US9167419B2 (en) | 2008-11-26 | 2015-10-20 | Free Stream Media Corp. | Discovery and launch system and method |
US10771525B2 (en) | 2008-11-26 | 2020-09-08 | Free Stream Media Corp. | System and method of discovery and launch associated with a networked media device |
US10791152B2 (en) | 2008-11-26 | 2020-09-29 | Free Stream Media Corp. | Automatic communications between networked devices such as televisions and mobile devices |
US9560425B2 (en) | 2008-11-26 | 2017-01-31 | Free Stream Media Corp. | Remotely control devices over a network without authentication or registration |
US10334324B2 (en) | 2008-11-26 | 2019-06-25 | Free Stream Media Corp. | Relevant advertisement generation based on a user operating a client device communicatively coupled with a networked media device |
US10425675B2 (en) | 2008-11-26 | 2019-09-24 | Free Stream Media Corp. | Discovery, access control, and communication with networked services |
US10986141B2 (en) | 2008-11-26 | 2021-04-20 | Free Stream Media Corp. | Relevancy improvement through targeting of information based on data gathered from a networked device associated with a security sandbox of a client device |
US9686596B2 (en) | 2008-11-26 | 2017-06-20 | Free Stream Media Corp. | Advertisement targeting through embedded scripts in supply-side and demand-side platforms |
US10880340B2 (en) | 2008-11-26 | 2020-12-29 | Free Stream Media Corp. | Relevancy improvement through targeting of information based on data gathered from a networked device associated with a security sandbox of a client device |
US9576473B2 (en) | 2008-11-26 | 2017-02-21 | Free Stream Media Corp. | Annotation of metadata through capture infrastructure |
US9154942B2 (en) | 2008-11-26 | 2015-10-06 | Free Stream Media Corp. | Zero configuration communication between a browser and a networked media device |
US9848250B2 (en) | 2008-11-26 | 2017-12-19 | Free Stream Media Corp. | Relevancy improvement through targeting of information based on data gathered from a networked device associated with a security sandbox of a client device |
US9706265B2 (en) | 2008-11-26 | 2017-07-11 | Free Stream Media Corp. | Automatic communications between networked devices such as televisions and mobile devices |
US10032191B2 (en) | 2008-11-26 | 2018-07-24 | Free Stream Media Corp. | Advertisement targeting through embedded scripts in supply-side and demand-side platforms |
US9703947B2 (en) | 2008-11-26 | 2017-07-11 | Free Stream Media Corp. | Relevancy improvement through targeting of information based on data gathered from a networked device associated with a security sandbox of a client device |
US9589456B2 (en) | 2008-11-26 | 2017-03-07 | Free Stream Media Corp. | Exposure of public internet protocol addresses in an advertising exchange server to improve relevancy of advertisements |
US9258383B2 (en) | 2008-11-26 | 2016-02-09 | Free Stream Media Corp. | Monetization of television audience data across multiple screens of a user watching television |
US9386356B2 (en) | 2008-11-26 | 2016-07-05 | Free Stream Media Corp. | Targeting with television audience data across multiple screens |
US9866925B2 (en) | 2008-11-26 | 2018-01-09 | Free Stream Media Corp. | Relevancy improvement through targeting of information based on data gathered from a networked device associated with a security sandbox of a client device |
US9854330B2 (en) | 2008-11-26 | 2017-12-26 | David Harrison | Relevancy improvement through targeting of information based on data gathered from a networked device associated with a security sandbox of a client device |
US10074108B2 (en) | 2008-11-26 | 2018-09-11 | Free Stream Media Corp. | Annotation of metadata through capture infrastructure |
US9716736B2 (en) | 2008-11-26 | 2017-07-25 | Free Stream Media Corp. | System and method of discovery and launch associated with a networked media device |
US10977693B2 (en) | 2008-11-26 | 2021-04-13 | Free Stream Media Corp. | Association of content identifier of audio-visual data with additional data through capture infrastructure |
US9967295B2 (en) | 2008-11-26 | 2018-05-08 | David Harrison | Automated discovery and launch of an application on a network enabled device |
US10142377B2 (en) | 2008-11-26 | 2018-11-27 | Free Stream Media Corp. | Relevancy improvement through targeting of information based on data gathered from a networked device associated with a security sandbox of a client device |
US8627075B2 (en) * | 2008-12-26 | 2014-01-07 | Panasonic Corporation | Communication device that receives external device information from an external device using near field communication |
US9143933B2 (en) | 2008-12-26 | 2015-09-22 | Panasonic Intellectual Property Corporation Of America | Communication device that receives external device information from an external device using near field communication |
US20110007901A1 (en) * | 2008-12-26 | 2011-01-13 | Yoichi Ikeda | Communication device |
US9569770B1 (en) | 2009-01-13 | 2017-02-14 | Amazon Technologies, Inc. | Generating constructed phrases |
US20100217803A1 (en) * | 2009-01-29 | 2010-08-26 | Ivy Biomedical Systems, Inc. | Interface device for communication between a medical device and a computer |
US9081903B2 (en) | 2009-01-29 | 2015-07-14 | Ivy Biomedical Systems, Inc. | Interface device for communication between a medical device and a computer |
US9021059B2 (en) | 2009-02-27 | 2015-04-28 | Blackberry Limited | Data hub server |
US9407686B2 (en) | 2009-02-27 | 2016-08-02 | Blackberry Limited | Device-to-device transfer |
US20100223359A1 (en) * | 2009-02-27 | 2010-09-02 | Research In Motion Limited | Device-to-device transfer |
US9313192B2 (en) | 2009-03-04 | 2016-04-12 | Cardiac Pacemakers, Inc. | Communications hub for use in life critical network |
US8638221B2 (en) | 2009-03-04 | 2014-01-28 | Cardiac Pacemakers, Inc. | Modular patient communicator for use in life critical network |
US8319631B2 (en) | 2009-03-04 | 2012-11-27 | Cardiac Pacemakers, Inc. | Modular patient portable communicator for use in life critical network |
US9552722B2 (en) | 2009-03-04 | 2017-01-24 | Cardiac Pacemakers, Inc. | Modular communicator for use in life critical network |
US8812841B2 (en) | 2009-03-04 | 2014-08-19 | Cardiac Pacemakers, Inc. | Communications hub for use in life critical network |
WO2010117556A3 (en) * | 2009-03-31 | 2011-01-13 | Motorola, Inc. | Method and system for propagating trust in an ad hoc wireless communication network |
WO2010117556A2 (en) * | 2009-03-31 | 2010-10-14 | Motorola, Inc. | Method and system for propagating trust in an ad hoc wireless communication network |
US20100257593A1 (en) * | 2009-04-07 | 2010-10-07 | Roy Avelo | Social Networking Platform with Synchronized Communication Device |
US20110004920A1 (en) * | 2009-07-03 | 2011-01-06 | Takeshi Ejima | Wireless communication system, wireless host, and wireless device |
US8365268B2 (en) * | 2009-07-03 | 2013-01-29 | Ricoh Company, Limited | Wireless communication system, wireless host, and wireless device |
US9298700B1 (en) | 2009-07-28 | 2016-03-29 | Amazon Technologies, Inc. | Determining similar phrases |
US9654907B2 (en) * | 2009-08-14 | 2017-05-16 | Samsung Electronics Co., Ltd | System, method and apparatus for wireless network connection using near field communication |
US20150334516A1 (en) * | 2009-08-14 | 2015-11-19 | Samsung Electronics Co., Ltd. | System, method and apparatus for wireless network connection using near field communication |
US10007712B1 (en) | 2009-08-20 | 2018-06-26 | Amazon Technologies, Inc. | Enforcing user-specified rules |
US20110072501A1 (en) * | 2009-09-18 | 2011-03-24 | Kabushiki Kaisha Toshiba | Electronic apparatus and communication control method |
US9009485B2 (en) | 2009-09-18 | 2015-04-14 | Kabushiki Kaisha Toshiba | Electronic apparatus and communication control method |
US8516263B2 (en) * | 2009-09-18 | 2013-08-20 | Kabushiki Kaisha Toshiba | Electronic apparatus and communication control method |
US8788833B2 (en) * | 2009-09-18 | 2014-07-22 | Kabushiki Kaisha Toshiba | Electronic apparatus and communication control method |
US9940449B2 (en) * | 2009-09-21 | 2018-04-10 | James McNulty | Secure information storage and retrieval apparatus and method |
US11663304B2 (en) | 2009-09-21 | 2023-05-30 | James McNulty | Secure information storage and retrieval apparatus and method |
US20130191635A1 (en) * | 2009-11-26 | 2013-07-25 | Kabushiki Kaisha Toshiba | Wireless authentication terminal |
US20120047551A1 (en) * | 2009-12-28 | 2012-02-23 | Interdigital Patent Holdings, Inc. | Machine-To-Machine Gateway Architecture |
US11190824B2 (en) * | 2009-12-31 | 2021-11-30 | Cable Television Laboratories, Inc. | Zero sign-on authentication |
US8869263B2 (en) | 2010-02-26 | 2014-10-21 | Blackberry Limited | Wireless communications system providing mobile device authentication bypass based upon user-wearable security device and related methods |
US20110214158A1 (en) * | 2010-02-26 | 2011-09-01 | Research In Motion Limited | Wireless communications system providing mobile device authentication bypass based upon user-wearable security device and related methods |
US9485286B1 (en) * | 2010-03-02 | 2016-11-01 | Amazon Technologies, Inc. | Sharing media items with pass phrases |
US20110231922A1 (en) * | 2010-03-16 | 2011-09-22 | Ricoh Company, Ltd. | Communication apparatus, wireless communication system, and method of setting association information |
US8739263B2 (en) * | 2010-03-16 | 2014-05-27 | Ricoh Company, Ltd. | Communication apparatus, wireless communication system, and method of setting association information |
US9277407B2 (en) | 2010-03-29 | 2016-03-01 | Motorola Solutions, Inc. | Methods for authentication using near-field |
US20110238995A1 (en) * | 2010-03-29 | 2011-09-29 | Motorola, Inc. | Methods for authentication using near-field |
US8850196B2 (en) | 2010-03-29 | 2014-09-30 | Motorola Solutions, Inc. | Methods for authentication using near-field |
US20170255920A1 (en) * | 2010-05-21 | 2017-09-07 | Intel Corporation | Method and device for conducting trusted remote payment transactions |
US9665864B2 (en) * | 2010-05-21 | 2017-05-30 | Intel Corporation | Method and device for conducting trusted remote payment transactions |
US11935030B2 (en) * | 2010-05-21 | 2024-03-19 | Intel Corporation | Method and device for conducting trusted remote payment transactions |
US9013267B2 (en) | 2010-08-24 | 2015-04-21 | Rhonda Enterprises, Llc | Systems and methods for position-based loaning of electronic documents to electronic device users |
US20130159723A1 (en) * | 2010-09-23 | 2013-06-20 | Marc Brandt | Methods, apparatus and systems for monitoring locations of data within a network service |
US9166893B2 (en) * | 2010-09-23 | 2015-10-20 | Hewlett-Packard Development Company, L.P. | Methods, apparatus and systems for monitoring locations of data within a network service |
CN103098070A (en) * | 2010-09-23 | 2013-05-08 | 惠普发展公司,有限责任合伙企业 | Methods, apparatus and systems for monitoring locations of data within a network service |
US20120079609A1 (en) * | 2010-09-24 | 2012-03-29 | Research In Motion Limited | Method for establishing a plurality of modes of operation on a mobile device |
US9147085B2 (en) * | 2010-09-24 | 2015-09-29 | Blackberry Limited | Method for establishing a plurality of modes of operation on a mobile device |
US8959451B2 (en) | 2010-09-24 | 2015-02-17 | Blackberry Limited | Launching an application based on data classification |
US9531731B2 (en) | 2010-09-24 | 2016-12-27 | Blackberry Limited | Method for establishing a plurality of modes of operation on a mobile device |
US9519765B2 (en) | 2010-09-24 | 2016-12-13 | Blackberry Limited | Method and apparatus for differentiated access control |
US9378394B2 (en) | 2010-09-24 | 2016-06-28 | Blackberry Limited | Method and apparatus for differentiated access control |
US10318764B2 (en) | 2010-09-24 | 2019-06-11 | Blackberry Limited | Method and apparatus for differentiated access control |
US9047451B2 (en) | 2010-09-24 | 2015-06-02 | Blackberry Limited | Method and apparatus for differentiated access control |
US9059984B2 (en) | 2010-09-27 | 2015-06-16 | Blackberry Limited | Authenticating an auxiliary device from a portable electronic device |
US8578461B2 (en) | 2010-09-27 | 2013-11-05 | Blackberry Limited | Authenticating an auxiliary device from a portable electronic device |
US9225727B2 (en) | 2010-11-15 | 2015-12-29 | Blackberry Limited | Data source based application sandboxing |
US9390298B2 (en) * | 2010-11-17 | 2016-07-12 | Blackberry Limited | Application routing configuration for NFC controller supporting multiple NFCEEs |
US20140035727A1 (en) * | 2010-11-17 | 2014-02-06 | Research In Motion Limited | Application Routing Configuration for NFC Controller Supporting Multiple NFCEEs |
US10028078B2 (en) | 2010-11-17 | 2018-07-17 | Blackberry Limited | Application routing configuration for NFC controller supporting multiple NFCEEs |
FR2969440A1 (en) * | 2010-12-21 | 2012-06-22 | Oberthur Technologies | ELECTRONIC DEVICE AND COMMUNICATION METHOD |
US9769656B2 (en) | 2010-12-21 | 2017-09-19 | Oberthur Technologies | Electronic device and communication method |
EP2469904A1 (en) * | 2010-12-21 | 2012-06-27 | Oberthur Technologies | Electronic device and communication method |
US9495511B2 (en) | 2011-03-01 | 2016-11-15 | Covidien Lp | Remote monitoring systems and methods for medical devices |
EP2509296B1 (en) * | 2011-04-04 | 2017-01-18 | Telia Company AB | A system and a method for managing a subscription for a data communications network |
US9135612B1 (en) | 2011-04-17 | 2015-09-15 | Proctor Consulting, LLC | Proximity detection, virtual detection, or location based triggering of the exchange of value and information |
US10204357B2 (en) | 2011-04-17 | 2019-02-12 | Proctor Consulting Llc | Proximity detection, virtual detection, or location based triggering of the exchange of value and information |
US9460433B2 (en) | 2011-04-17 | 2016-10-04 | Proctor Consulting LLP | Proximity detection, virtual detection, or location based triggering of the exchange of value and information |
US20130006784A1 (en) * | 2011-06-30 | 2013-01-03 | Cable Television Laboratories, Inc. | Personal authentication |
US9621350B2 (en) * | 2011-06-30 | 2017-04-11 | Cable Television Laboratories, Inc. | Personal authentication |
US9967055B2 (en) | 2011-08-08 | 2018-05-08 | Blackberry Limited | System and method to increase link adaptation performance with multi-level feedback |
US9497220B2 (en) | 2011-10-17 | 2016-11-15 | Blackberry Limited | Dynamically generating perimeters |
US10735964B2 (en) | 2011-10-17 | 2020-08-04 | Blackberry Limited | Associating services to perimeters |
US9402184B2 (en) | 2011-10-17 | 2016-07-26 | Blackberry Limited | Associating services to perimeters |
US9161226B2 (en) | 2011-10-17 | 2015-10-13 | Blackberry Limited | Associating services to perimeters |
US9379779B2 (en) | 2011-10-21 | 2016-06-28 | Lg Electronics Inc. | Electronic device and a method of operating the same |
US9713043B2 (en) | 2011-10-21 | 2017-07-18 | Lg Electronics Inc. | Electronic device and a method of operating the same |
US11875317B2 (en) | 2011-10-25 | 2024-01-16 | Isi Corporation | Electronic money transfer method and system for the same |
US11138573B2 (en) * | 2011-10-25 | 2021-10-05 | Isi Corporation | Electronic money transfer payment method and system for same |
EP2775745A4 (en) * | 2011-10-31 | 2015-06-24 | Mozido Corfire Korea Ltd | Method and system for providing information using a consent procedure executed by means of near-field communication |
US10848520B2 (en) | 2011-11-10 | 2020-11-24 | Blackberry Limited | Managing access to resources |
US9613219B2 (en) | 2011-11-10 | 2017-04-04 | Blackberry Limited | Managing cross perimeter access |
US9720915B2 (en) | 2011-11-11 | 2017-08-01 | Blackberry Limited | Presenting metadata from multiple perimeters |
US8799227B2 (en) | 2011-11-11 | 2014-08-05 | Blackberry Limited | Presenting metadata from multiple perimeters |
US20150003611A1 (en) * | 2011-12-12 | 2015-01-01 | Sony Corporation | System for transmitting a data signal in a network, method, mobile transmitting device and network device |
US9681293B2 (en) * | 2011-12-12 | 2017-06-13 | Sony Corporation | System for transmitting a data signal in a network, method, mobile transmitting device and network device |
TWI634770B (en) * | 2011-12-12 | 2018-09-01 | 新力股份有限公司 | System for transmitting a data signal in a network, method, mobile transmitting device and network device |
EP2791782B1 (en) | 2011-12-15 | 2018-10-03 | Becton, Dickinson and Company | Near field telemetry link for passing a shared secret to establish a secure radio frequency communication link in a physiological condition monitoring system |
EP2795568A4 (en) * | 2011-12-22 | 2015-09-16 | Covidien Lp | System and method for patient identification in a remote monitoring system |
US20130198516A1 (en) * | 2012-01-18 | 2013-08-01 | OneID Inc. | Methods and systems for pairing devices |
US11012240B1 (en) | 2012-01-18 | 2021-05-18 | Neustar, Inc. | Methods and systems for device authentication |
US9203819B2 (en) * | 2012-01-18 | 2015-12-01 | OneID Inc. | Methods and systems for pairing devices |
US11818272B2 (en) | 2012-01-18 | 2023-11-14 | Neustar, Inc. | Methods and systems for device authentication |
US20130191897A1 (en) * | 2012-01-24 | 2013-07-25 | Cummings Engineering Consultants, Inc. | Field Provisioning a Device to a Secure Enclave |
US9262604B2 (en) | 2012-02-01 | 2016-02-16 | Blackberry Limited | Method and system for locking an electronic device |
US9854423B2 (en) * | 2012-02-02 | 2017-12-26 | Sierra Wireless, Inc. | Subscription and charging control for wireless communications between proximate devices |
US20130203378A1 (en) * | 2012-02-02 | 2013-08-08 | Sierra Wireless, Inc | Subscription and charging control for wireless communications between proximate devices |
EP2810492A4 (en) * | 2012-02-02 | 2016-01-06 | Sierra Wireless Inc | Subscription and charging control for wireless communications between proximate devices |
US20130212248A1 (en) * | 2012-02-13 | 2013-08-15 | XceedlD Corporation | Credential management system |
US20130212661A1 (en) * | 2012-02-13 | 2013-08-15 | XceedlD Corporation | Credential management system |
US20130212660A1 (en) * | 2012-02-13 | 2013-08-15 | Xceedid Corporation | Credential manangement system |
US9698975B2 (en) | 2012-02-15 | 2017-07-04 | Blackberry Limited | Key management on device for perimeters |
US9077622B2 (en) | 2012-02-16 | 2015-07-07 | Blackberry Limited | Method and apparatus for automatic VPN login on interface selection |
US9306948B2 (en) | 2012-02-16 | 2016-04-05 | Blackberry Limited | Method and apparatus for separation of connection data by perimeter type |
US8931045B2 (en) | 2012-02-16 | 2015-01-06 | Blackberry Limited | Method and apparatus for management of multiple grouped resources on device |
US9294470B2 (en) | 2012-02-17 | 2016-03-22 | Blackberry Limited | Certificate management method based on connectivity and policy |
US9426145B2 (en) | 2012-02-17 | 2016-08-23 | Blackberry Limited | Designation of classes for certificates and keys |
US8893219B2 (en) | 2012-02-17 | 2014-11-18 | Blackberry Limited | Certificate management method based on connectivity and policy |
US20180332556A1 (en) * | 2012-03-12 | 2018-11-15 | Blackberry Limited | Wireless Local Area Network Hotspot Registration Using Near Field Communications |
US11129123B2 (en) * | 2012-03-12 | 2021-09-21 | Blackberry Limited | Wireless local area network hotspot registration using near field communications |
US10282153B2 (en) | 2012-03-30 | 2019-05-07 | Brother Kogyo Kabushiki Kaisha | Function executing device with two types of wireless communication interfaces |
US11381280B2 (en) | 2012-03-30 | 2022-07-05 | Brother Kogyo Kabushiki Kaisha | Communication device |
US10333587B2 (en) | 2012-03-30 | 2019-06-25 | Brother Kogyo Kabushiki Kaisha | Communication device |
US10879960B2 (en) | 2012-03-30 | 2020-12-29 | Brother Kogyo Kabushiki Kaisha | Communication device |
US9781299B2 (en) | 2012-03-30 | 2017-10-03 | Brother Kogyo Kabushiki Kaisha | Function executing device with two types of wireless communication interfaces |
US10831427B2 (en) | 2012-03-30 | 2020-11-10 | Brother Kogyo Kabushiki Kaisha | Function executing device with two types of wireless communication interfaces |
US11435969B2 (en) | 2012-03-30 | 2022-09-06 | Brother Kogyo Kabushiki Kaisha | Function executing device with two types of wireless communication interfaces |
US11733950B2 (en) | 2012-03-30 | 2023-08-22 | Brother Kogyo Kabushiki Kaisha | Function executing device with two types of wireless communication interfaces |
US9787363B2 (en) | 2012-03-30 | 2017-10-10 | Brother Kogyo Kabushiki Kaisha | Communication device |
US9858022B2 (en) | 2012-03-30 | 2018-01-02 | Brother Kogyo Kabushiki Kaisha | Function executing device with two types of wireless communication interfaces |
US9106781B2 (en) | 2012-03-30 | 2015-08-11 | Brother Kogyo Kabushiki Kaisha | Function executing device with two types of interfaces for executing a communication with a terminal device |
US20170237472A1 (en) | 2012-03-30 | 2017-08-17 | Brother Kogyo Kabushiki Kaisha | Communication Device |
US10592872B2 (en) * | 2012-05-21 | 2020-03-17 | Nexiden Inc. | Secure registration and authentication of a user using a mobile device |
US20190043022A1 (en) * | 2012-05-21 | 2019-02-07 | Nexiden, Inc. | Secure registration and authentication of a user using a mobile device |
US9026668B2 (en) | 2012-05-26 | 2015-05-05 | Free Stream Media Corp. | Real-time and retargeted advertising on multiple screens of a user watching television |
US11032283B2 (en) | 2012-06-21 | 2021-06-08 | Blackberry Limited | Managing use of network resources |
US9369466B2 (en) | 2012-06-21 | 2016-06-14 | Blackberry Limited | Managing use of network resources |
WO2014000103A1 (en) * | 2012-06-26 | 2014-01-03 | Certicom Corp. | Methods and devices for establishing trust on first use for close proximity communications |
US9696956B2 (en) | 2012-07-03 | 2017-07-04 | Brother Kogyo Kabushiki Kaisha | Communication device communicating target data with external device according to near field communication |
US10108383B2 (en) | 2012-07-03 | 2018-10-23 | Brother Kogyo Kabushiki Kaisha | Communication device communicating target data with external device according to near field communication |
US9423856B2 (en) | 2012-07-11 | 2016-08-23 | Blackberry Limited | Resetting inactivity timer on computing device |
US8972762B2 (en) | 2012-07-11 | 2015-03-03 | Blackberry Limited | Computing devices and methods for resetting inactivity timers on computing devices |
US9698875B2 (en) | 2012-08-03 | 2017-07-04 | Brother Kogyo Kabushiki Kaisha | Communication device |
US9596007B2 (en) | 2012-08-03 | 2017-03-14 | Brother Kogyo Kabushiki Kaisha | Communication device |
US9661667B2 (en) | 2012-08-03 | 2017-05-23 | Brother Kogyo Kabushiki Kaisha | Communication device |
US9887742B2 (en) | 2012-08-03 | 2018-02-06 | Brother Kogyo Kabushiki Kaisha | Communication device |
US10389408B2 (en) | 2012-08-06 | 2019-08-20 | Brother Kogyo Kabushiki Kaisha | Communication device |
US9485608B2 (en) | 2012-08-06 | 2016-11-01 | Brother Kogyo Kabushiki Kaisha | Communication device |
US9866992B2 (en) | 2012-08-06 | 2018-01-09 | Brother Kogyo Kabushiki Kaisha | Communication device |
US20180053179A1 (en) * | 2012-08-21 | 2018-02-22 | Bankinter S.A. | Method and System to Enable Mobile Contactless Ticketing/Payments Via a Mobile Phone Application |
EP2704410A1 (en) * | 2012-09-03 | 2014-03-05 | Brother Kogyo Kabushiki Kaisha | Image processing apparatus, information processing apparatus, and image processing method |
US8958100B2 (en) | 2012-09-03 | 2015-02-17 | Brother Kogyo Kabushiki Kaisha | Image processing apparatus, information processing apparatus, and image processing method for processing a print job transmitted from the information processing apparatus to the image forming apparatus via communication protocol |
US9065771B2 (en) | 2012-10-24 | 2015-06-23 | Blackberry Limited | Managing application execution and data access on a device |
US9075955B2 (en) | 2012-10-24 | 2015-07-07 | Blackberry Limited | Managing permission settings applied to applications |
US8656016B1 (en) | 2012-10-24 | 2014-02-18 | Blackberry Limited | Managing application execution and data access on a device |
US20140119356A1 (en) * | 2012-10-31 | 2014-05-01 | Hon Hai Precision Industry Co., Ltd. | Nfc server and nfc service method of communication devices using wifi direct |
CN104769913A (en) * | 2012-11-07 | 2015-07-08 | 微软公司 | Policy-based resource access via NFC |
US20140136633A1 (en) * | 2012-11-15 | 2014-05-15 | Samsung Electronics Co. Ltd. | Apparatus and method for sharing time-sensitive data between devices with intermittent connectivity |
US9628424B2 (en) * | 2012-11-15 | 2017-04-18 | Samsung Electronics Co., Ltd. | Apparatus and method for sharing time-sensitive data between devices with intermittent connectivity |
US20140162608A1 (en) * | 2012-12-06 | 2014-06-12 | International Business Machines Corporation | Collaborative sharing of contextually similar cache data to reduce network usage |
WO2014096332A1 (en) * | 2012-12-21 | 2014-06-26 | Gemalto Sa | Method and apparatus for providing secure access to a network |
EP2747370A1 (en) * | 2012-12-21 | 2014-06-25 | Gemalto SA | Method and apparatus for providing secure access to a network |
US8955081B2 (en) | 2012-12-27 | 2015-02-10 | Motorola Solutions, Inc. | Method and apparatus for single sign-on collaboraton among mobile devices |
US8782766B1 (en) | 2012-12-27 | 2014-07-15 | Motorola Solutions, Inc. | Method and apparatus for single sign-on collaboration among mobile devices |
US9332431B2 (en) | 2012-12-27 | 2016-05-03 | Motorola Solutions, Inc. | Method of and system for authenticating and operating personal communication devices over public safety networks |
US8806205B2 (en) | 2012-12-27 | 2014-08-12 | Motorola Solutions, Inc. | Apparatus for and method of multi-factor authentication among collaborating communication devices |
US9497338B2 (en) | 2013-01-03 | 2016-11-15 | Samsung Electronics Co., Ltd. | Image forming apparatus supporting near field communication (NFC) function and method of setting an image job using NFC device |
US10033903B2 (en) | 2013-01-03 | 2018-07-24 | S-Printing Solution Co., Ltd. | Image forming apparatus supporting near field communication (NFC) function and method of setting an image job using NFC device |
US9386451B2 (en) | 2013-01-29 | 2016-07-05 | Blackberry Limited | Managing application access to certificates and keys |
US10460086B2 (en) | 2013-01-29 | 2019-10-29 | Blackberry Limited | Managing application access to certificates and keys |
US9940447B2 (en) | 2013-01-29 | 2018-04-10 | Blackberry Limited | Managing application access to certificates and keys |
US11295298B2 (en) | 2013-02-08 | 2022-04-05 | Schlage Lock Company Llc | Control system and method |
WO2014124405A3 (en) * | 2013-02-08 | 2014-10-16 | Schlage Lock Company Llc | Control system and method |
WO2014124405A2 (en) * | 2013-02-08 | 2014-08-14 | Schlage Lock Company Llc | Control system and method |
US10037525B2 (en) | 2013-02-08 | 2018-07-31 | Schlage Lock Company Llc | Control system and method |
US9277402B2 (en) | 2013-03-06 | 2016-03-01 | Qualcomm Incorporated | Systems and methods for secure high-speed link maintenance via NFC |
US10841104B2 (en) | 2013-03-15 | 2020-11-17 | Poltorak Technologies Llc | System and method for secure relayed communications from an implantable medical device |
US10305695B1 (en) | 2013-03-15 | 2019-05-28 | Poltorak Technologies Llc | System and method for secure relayed communications from an implantable medical device |
US11588650B2 (en) | 2013-03-15 | 2023-02-21 | Poltorak Technologies Llc | System and method for secure relayed communications from an implantable medical device |
US11930126B2 (en) | 2013-03-15 | 2024-03-12 | Piltorak Technologies LLC | System and method for secure relayed communications from an implantable medical device |
US9215075B1 (en) * | 2013-03-15 | 2015-12-15 | Poltorak Technologies Llc | System and method for secure relayed communications from an implantable medical device |
US9942051B1 (en) | 2013-03-15 | 2018-04-10 | Poltorak Technologies Llc | System and method for secure relayed communications from an implantable medical device |
US20140289519A1 (en) * | 2013-03-22 | 2014-09-25 | Hewlett-Packard Development Company, L.P. | Entities with biometrically derived keys |
US9609690B2 (en) | 2013-03-28 | 2017-03-28 | Brother Kogyo Kabushiki Kaisha | Communication device |
US10579987B2 (en) * | 2013-08-30 | 2020-03-03 | Thales Dis France Sa | Method for authenticating transactions |
WO2015039874A1 (en) * | 2013-09-23 | 2015-03-26 | BSH Bosch und Siemens Hausgeräte GmbH | Method for connecting a domestic appliance to a wireless home network, computer program product, portable communications terminal and domestic appliance |
US10177932B2 (en) | 2013-09-23 | 2019-01-08 | Bsh Hausgeraete Gmbh | Method for connecting a domestic appliance to a wireless home network, computer program product, portable communications terminal and domestic appliance |
US10142014B2 (en) | 2013-09-30 | 2018-11-27 | Brother Kogyo Kabushiki Kaisha | Multi-function device and terminal device |
US20150092225A1 (en) * | 2013-09-30 | 2015-04-02 | Brother Kogyo Kabushiki Kaisha | Function executing device |
US11012149B2 (en) | 2013-09-30 | 2021-05-18 | Brother Kogyo Kabushiki Kaisha | Communication device and terminal device |
US9164712B2 (en) * | 2013-09-30 | 2015-10-20 | Brother Kogyo Kabushiki Kaisha | Function executing device |
US10581516B2 (en) | 2013-09-30 | 2020-03-03 | Brother Kogyo Kabushiki Kaisha | Communication device and terminal device |
US20150181430A1 (en) * | 2013-12-19 | 2015-06-25 | Kwan Ho Lee | Systems and methods for communication using a body area network |
US10177933B2 (en) * | 2014-02-05 | 2019-01-08 | Apple Inc. | Controller networks for an accessory management system |
US20150351145A1 (en) * | 2014-02-05 | 2015-12-03 | Apple Inc. | Controller networks for an accessory management system |
US10305770B2 (en) | 2014-02-05 | 2019-05-28 | Apple Inc. | Uniform communication protocols for communication between controllers and accessories |
US9979625B2 (en) | 2014-02-05 | 2018-05-22 | Apple Inc. | Uniform communication protocols for communication between controllers and accessories |
US11283703B2 (en) | 2014-02-05 | 2022-03-22 | Apple Inc. | Uniform communication protocols for communication between controllers and accessories |
US10454783B2 (en) | 2014-02-05 | 2019-10-22 | Apple Inc. | Accessory management system using environment model |
US20170220791A1 (en) * | 2014-02-14 | 2017-08-03 | Ntt Docomo, Inc. | Terminal device, authentication information management method, and authentication information management system |
US11641573B2 (en) | 2014-05-30 | 2023-05-02 | Brother Kogyo Kabushiki Kaisha | Function execution device and communication terminal |
US10542403B2 (en) | 2014-05-30 | 2020-01-21 | Brother Kogyo Kabushiki Kaisha | Function execution device and communication terminal |
US11671813B2 (en) | 2014-05-30 | 2023-06-06 | Brother Kogyo Kabushiki Kaisha | Function execution device and communication terminal |
US10278045B2 (en) | 2014-05-30 | 2019-04-30 | Brother Kogyo Kabushiki Kaisha | Function execution device and communication terminal |
US11140535B2 (en) | 2014-05-30 | 2021-10-05 | Brother Kogyo Kabushiki Kaisha | Function execution device and communication terminal |
US11956705B2 (en) | 2014-05-30 | 2024-04-09 | Brother Kogyo Kabushiki Kaisha | Function execution device and communication terminal |
US10115243B2 (en) * | 2014-06-23 | 2018-10-30 | Nxp B.V. | Near field communication system |
US20150371453A1 (en) * | 2014-06-23 | 2015-12-24 | Nxp B.V. | Near field communication system |
US10560491B2 (en) | 2015-02-05 | 2020-02-11 | Xiaomi Inc. | Methods and apparatuses for binding with device |
US10206170B2 (en) | 2015-02-05 | 2019-02-12 | Apple Inc. | Dynamic connection path detection and selection for wireless controllers and accessories |
US9565513B1 (en) * | 2015-03-02 | 2017-02-07 | Thirdwayv, Inc. | Systems and methods for providing long-range network services to short-range wireless devices |
US20160344559A1 (en) * | 2015-05-22 | 2016-11-24 | Motorola Solutions, Inc | Method and apparatus for initial certificate enrollment in a wireless communication system |
GB2559229B (en) * | 2015-05-22 | 2019-12-18 | Motorola Solutions Inc | Method and apparatus for initial certificate enrollment in a wireless communication system |
AU2016266913B2 (en) * | 2015-05-22 | 2019-04-04 | Motorola Solutions, Inc. | Method and apparatus for initial certificate enrollment in a wireless communication system |
GB2559229A (en) * | 2015-05-22 | 2018-08-01 | Motorola Solutions Inc | Method and apparatus for initial certificate enrollment in a wireless communication system |
US9882726B2 (en) * | 2015-05-22 | 2018-01-30 | Motorola Solutions, Inc. | Method and apparatus for initial certificate enrollment in a wireless communication system |
WO2016191138A1 (en) * | 2015-05-22 | 2016-12-01 | Motorola Solutions, Inc. | Method and apparatus for initial certificate enrollment in a wireless communication system |
US20170061404A1 (en) * | 2015-07-15 | 2017-03-02 | NXT-ID, Inc. | System and Method to Personalize Products and Services |
US10362536B2 (en) | 2016-01-08 | 2019-07-23 | Apple Inc. | Dynamic connection path detection and selection for wireless controllers and accessories |
US11025428B2 (en) | 2016-05-05 | 2021-06-01 | Neustar, Inc. | Systems and methods for enabling trusted communications between controllers |
US11277439B2 (en) | 2016-05-05 | 2022-03-15 | Neustar, Inc. | Systems and methods for mitigating and/or preventing distributed denial-of-service attacks |
US11108562B2 (en) | 2016-05-05 | 2021-08-31 | Neustar, Inc. | Systems and methods for verifying a route taken by a communication |
US10958725B2 (en) | 2016-05-05 | 2021-03-23 | Neustar, Inc. | Systems and methods for distributing partial data to subnetworks |
US10404472B2 (en) | 2016-05-05 | 2019-09-03 | Neustar, Inc. | Systems and methods for enabling trusted communications between entities |
US11804967B2 (en) | 2016-05-05 | 2023-10-31 | Neustar, Inc. | Systems and methods for verifying a route taken by a communication |
US11665004B2 (en) | 2016-05-05 | 2023-05-30 | Neustar, Inc. | Systems and methods for enabling trusted communications between controllers |
US10104549B2 (en) * | 2016-09-30 | 2018-10-16 | Mitsubishi Electric Corporation | Network provisioning system and method for collection of endpoints |
US20210377311A1 (en) * | 2016-12-29 | 2021-12-02 | Maxlinear, Inc. | Establishment of network connections |
US11716353B2 (en) * | 2016-12-29 | 2023-08-01 | Maxlinear, Inc. | Establishment of network connections |
US10496508B2 (en) | 2017-06-02 | 2019-12-03 | Apple Inc. | Accessory communication control |
US11698846B2 (en) | 2017-06-02 | 2023-07-11 | Apple Inc. | Accessory communication control |
US11132275B2 (en) | 2017-06-02 | 2021-09-28 | Apple Inc. | Accessory communication control |
WO2019036727A1 (en) * | 2017-08-15 | 2019-02-21 | Qualcomm Incorporated | Provisioning a device for use in a personal area network |
US11025439B2 (en) * | 2017-08-30 | 2021-06-01 | Raytheon Company | Self-organizing mobile peer-to-peer mesh network authentication |
US10986091B2 (en) * | 2017-10-30 | 2021-04-20 | EMC IP Holding Company LLC | Systems and methods of serverless management of data mobility domains |
US20190132314A1 (en) * | 2017-10-30 | 2019-05-02 | EMC IP Holding Company LLC | Systems and methods of serverless management of data mobility domains |
US10999265B2 (en) * | 2017-11-15 | 2021-05-04 | Team One International Holding Pte Ltd. | Method and system for deploying wireless IoT sensor nodes |
US11750655B2 (en) * | 2018-02-13 | 2023-09-05 | Fingerprint Cards Anacatum Ip Ab | Registration of data at a sensor reader and request of data at the sensor reader |
US20210006597A1 (en) * | 2018-02-13 | 2021-01-07 | Fingerprint Cards Ab | Registration of data at a sensor reader and request of data at the sensor reader |
US10595073B2 (en) | 2018-06-03 | 2020-03-17 | Apple Inc. | Techniques for authorizing controller devices |
US11805009B2 (en) | 2018-06-03 | 2023-10-31 | Apple Inc. | Configuring accessory network connections |
US20220272400A1 (en) * | 2018-06-03 | 2022-08-25 | Apple Inc. | Techniques for authorizing controller devices |
US11297373B2 (en) | 2018-06-03 | 2022-04-05 | Apple Inc. | Techniques for authorizing controller devices |
US11949938B2 (en) * | 2018-06-03 | 2024-04-02 | Apple Inc. | Techniques for authorizing controller devices |
WO2020081618A1 (en) * | 2018-10-16 | 2020-04-23 | Thierry Charles Hubert | Proximity electronic credit exchange system and method thereof |
US11570168B2 (en) * | 2019-09-17 | 2023-01-31 | Mastercard International Incorporated | Techniques for repeat authentication |
WO2023141493A3 (en) * | 2022-01-20 | 2023-08-24 | Ping Identity Corporation | Method and apparatus for secure authentication based on proximity |
Also Published As
Publication number | Publication date |
---|---|
EP2126854A2 (en) | 2009-12-02 |
CN101617346A (en) | 2009-12-30 |
WO2008103991A3 (en) | 2008-10-16 |
US8522019B2 (en) | 2013-08-27 |
WO2008103991A2 (en) | 2008-08-28 |
JP5415600B2 (en) | 2014-02-12 |
KR101216545B1 (en) | 2013-01-02 |
KR20090122968A (en) | 2009-12-01 |
JP2010519640A (en) | 2010-06-03 |
CN101617346B (en) | 2013-08-21 |
JP2013017188A (en) | 2013-01-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8522019B2 (en) | Method and apparatus to create trust domains based on proximity |
US8687536B2 (en) | Method and apparatus to create multicast groups based on proximity |
CN113169971B (en) | Secure extended range application data exchange |
US10115101B2 (en) | Wireless establishment of identity via bi-directional RFID |
US10769615B2 (en) | Device and method in wireless communication system and wireless communication system |
KR20160124648A (en) | Method and apparatus for downloading and installing a profile |
EP2439969B1 (en) | Authentication of personal data over telecommunications system |
US20140189789A1 (en) | Method and apparatus for ensuring collaboration between a narrowband device and a broadband device |
WO2007100202A1 (en) | Authentication system for online financial transactions and user terminal for authentication of online financial transactions |
WO2017206680A1 (en) | Point-to-point transfer system and method |
WO2016165429A1 (en) | Service processing method and apparatus, and terminal |
US20070028092A1 (en) | Method and system for enabling chap authentication over PANA without using EAP |
KR102163676B1 (en) | Method for Multi Authentication by using One Time Division Code |
Çabuk et al. | WIDIPAY: A CROSS-LAYER DESIGN FOR MOBILE PAYMENT SYSTEM OVER LTE DIRECT |
CN111582848A (en) | Transaction data transmission method and system |
Shon et al. | Improved RF4CE key agreement approach involving two‐phase key distribution for smart‐convergence home device |
da Rocha Babo | Generic and Parameterizable Service for Remote Configuration of Mobile Phones Using Near Field Communication |
KR20150066664A (en) | Method for Providing Multi-Channel Authentication by using Chip Module |
KR20130100624A (en) | Method for controlling inverse multiple communication |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | AS | Assignment | Owner name: QUALCOMM INCORPORATED, CALIFORNIA; Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MICHAELIS, OLIVER;REEL/FRAME:020983/0072; Effective date: 20080424 |
| | STCF | Information on status: patent grant | Free format text: PATENTED CASE |
| | FPAY | Fee payment | Year of fee payment: 4 |
| | FEPP | Fee payment procedure | Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
| | LAPS | Lapse for failure to pay maintenance fees | Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
| | STCH | Information on status: patent discontinuation | Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362 |
| | FP | Lapsed due to failure to pay maintenance fee | Effective date: 20210827 |